ALPINE-CVE-2023-36664

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2023-36664

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-36664.json

JSON Data

https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2023-36664

Upstream

CVE-2023-36664

Published

2023-06-25T22:15:21.463Z

Modified

2025-11-14T04:27:16.539608Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

References

https://security.alpinelinux.org/vuln/CVE-2023-36664

Affected packages

Alpine:v3.15 / ghostscript

Package

Name: ghostscript
Purl: pkg:apk/alpine/ghostscript?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.55.0-r2

Affected versions

8.*

8.64-r0

8.70-r0

8.71-r0

8.71-r1

8.71-r2

8.71-r3

8.71-r4

9.*

9.00-r0

9.00-r1

9.00-r2

9.04-r0

9.05-r0

9.05-r1

9.06-r0

9.06-r1

9.06-r2

9.06-r3

9.07-r0

9.09-r0

9.09-r1

9.10-r0

9.10-r1

9.15-r0

9.15-r1

9.16-r0

9.16-r1

9.16-r2

9.18-r0

9.19-r0

9.19-r1

9.20-r0

9.20-r1

9.21-r0

9.21-r1

9.21-r2

9.21-r3

9.22-r0

9.24-r0

9.25-r0

9.25-r1

9.26-r0

9.26-r1

9.26-r2

9.27-r0

9.27-r1

9.27-r2

9.27-r3

9.27-r4

9.50-r0

9.51-r0

9.52-r0

9.53.1-r0

9.53.2-r0

9.53.3-r0

9.54.0-r0

9.54.0-r1

9.55.0-r0

9.55.0-r1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-36664.json"

Alpine:v3.16 / ghostscript