MGASA-2023-0134

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2023-0134.html

Import Source

https://advisories.mageia.org/MGASA-2023-0134.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2023-0134

Related

CVE-2023-28879

Published

2023-04-11T19:02:20Z

Modified

2023-04-11T17:55:10Z

Summary

Updated ghostscript packages fix security vulnerability

Details

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. (CVE-2023-28879)

References

https://advisories.mageia.org/MGASA-2023-0134.html
https://bugs.mageia.org/show_bug.cgi?id=31758
https://www.debian.org/lts/security/2023/dla-3381

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2023-0134

Affected packages