DescriptionAn integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ghostscript (PTS)bullseye (security), bullseye9.53.3~dfsg-7+deb11u7vulnerable
bookworm, bookworm (security)10.0.0~dfsg-11+deb12u4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

Notes;a=commitdiff;h=b7eb1d0174cb25a0cd44a1c0706c2ed73fc95bef (ghostpdl-10.02.0rc1)
Issue in PCL support shipped sourcewise in src:ghostscript

Search for package or bug name: Reporting problems