CVE-2023-52722

Name	CVE-2023-52722
Description	An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-5692-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
ghostscript (PTS)	bullseye (security), bullseye	9.53.3~dfsg-7+deb11u7	fixed
	bookworm, bookworm (security)	10.0.0~dfsg-11+deb12u4	fixed
	trixie	10.03.1~dfsg-1	fixed
	sid	10.03.1~dfsg-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
ghostscript	source	bullseye	9.53.3~dfsg-7+deb11u7	DSA-5692-1
ghostscript	source	bookworm	10.0.0~dfsg-11+deb12u4	DSA-5692-1
ghostscript	source	(unstable)	10.02.0~dfsg-1

Notes

[buster] - ghostscript <ignored> (fix requires API functions introduced in 9.50)
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1 (ghostpdl-10.03.0rc1)
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1ff9a695947967d2d327c45bf5145dd381fc1745 (ghostpdl-10.02.0)
API functions used by fixing commit were introduced in:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=9de16a6637b73e35f79d2d622de403b24e6502f2