CVE-2023-28879

9.8CRITICAL

Key Information

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 31 March 2023

Summary

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 31, 2023
Vulnerability Reserved.
Mar 27, 2023

Collectors

NVD DatabaseMitre Database