OESA-2023-1695
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1695
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2023-1695.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2023-1695
- Upstream
- Published
- 2023-09-28T11:06:02Z
- Modified
- 2025-09-03T06:19:27.963183Z
- Summary
- ghostscript security update
- Details
-
Ghostscript is an interpreter for PostScript™ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library.
Security Fix(es):
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).(CVE-2023-43115)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:20.03-LTS-SP3 / ghostscript
Package
- Name
- ghostscript
- Purl
- pkg:rpm/openEuler/ghostscript&distro=openEuler-20.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.52-11.oe1
Ecosystem specific
{
"x86_64": [
"ghostscript-debugsource-9.52-11.oe1.x86_64.rpm",
"ghostscript-tools-dvipdf-9.52-11.oe1.x86_64.rpm",
"ghostscript-debuginfo-9.52-11.oe1.x86_64.rpm",
"ghostscript-devel-9.52-11.oe1.x86_64.rpm",
"ghostscript-9.52-11.oe1.x86_64.rpm"
],
"aarch64": [
"ghostscript-tools-dvipdf-9.52-11.oe1.aarch64.rpm",
"ghostscript-devel-9.52-11.oe1.aarch64.rpm",
"ghostscript-9.52-11.oe1.aarch64.rpm",
"ghostscript-debuginfo-9.52-11.oe1.aarch64.rpm",
"ghostscript-debugsource-9.52-11.oe1.aarch64.rpm"
],
"noarch": [
"ghostscript-help-9.52-11.oe1.noarch.rpm"
],
"src": [
"ghostscript-9.52-11.oe1.src.rpm"
]
}