{"id":"MGASA-2023-0260","summary":"Updated ghostscript packages fix security vulnerability","details":"Ghostscript through 10.01.2 mishandles permission validation for pipe\ndevices (with the %pipe% prefix or the | pipe character prefix).\n(CVE-2023-36664)\n\nA buffer overflow flaw was found in base/gdevdevn.c:1973 in\ndevn_pcx_write_rle() in ghostscript. This issue may allow a local attacker\nto cause a denial of service via outputting a crafted PDF file for a DEVN\ndevice with gs. (CVE-2023-38559)\n","modified":"2026-02-01T16:11:12.153810Z","published":"2023-09-11T13:07:54Z","related":["CVE-2023-36664","CVE-2023-38559"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0260.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32237"},{"type":"REPORT","url":"https://www.debian.org/security/2023/dsa-5446"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-6213-1"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32070"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-6297-1"}],"affected":[{"package":{"name":"ghostscript","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/ghostscript?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.53.3-2.6.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0260.json"}},{"package":{"name":"ghostscript","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/ghostscript?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.00.0-6.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0260.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}