Advisories ยป MGASA-2023-0260

Updated ghostscript packages fix security vulnerability

Publication date: 11 Sep 2023
Modification date: 11 Sep 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-36664 , CVE-2023-38559

Description

Ghostscript through 10.01.2 mishandles permission validation for pipe
devices (with the %pipe% prefix or the | pipe character prefix).
(CVE-2023-36664)

A buffer overflow flaw was found in base/gdevdevn.c:1973 in
devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker
to cause a denial of service via outputting a crafted PDF file for a DEVN
device with gs. (CVE-2023-38559)
                

References

SRPMS

9/core

8/core