QwikSec

Security Database

CVE

CWE

Training

CVE-2023-43115

Published: Sep 18, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://ghostscript.com/

https://bugs.ghostscript.com/show_bug.cgi?id=707051

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5

FEDORA-2023-66d60c3df7

vendor-advisory

FEDORA-2023-c2665a9ff3

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.