Remote Code Execution Vulnerability in Artifex Ghostscript Printer Function
CVE-2023-46751

7.5HIGH

Key Information:

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 6 December 2023

Summary

A vulnerability exists in Artifex Ghostscript, specifically in the function gdev_prn_open_printer_seekable(), allowing remote attackers to exploit a dangling pointer issue. This can lead to application crashes, potentially impacting system stability and availability. Users are advised to review the latest updates and apply necessary patches to mitigate risks associated with this vulnerability.

References

https://ghostscript.com/

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3B...

https://bugs.ghostscript.com/show_bug.cgi?id=707264

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2023
Vulnerability Reserved
Oct 26, 2023