MGASA-2023-0134

Source
https://advisories.mageia.org/MGASA-2023-0134.html
Import Source
https://advisories.mageia.org/MGASA-2023-0134.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2023-0134
Related
Published
2023-04-11T19:02:20Z
Modified
2023-04-11T17:55:10Z
Summary
Updated ghostscript packages fix security vulnerability
Details

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. (CVE-2023-28879)

References
Credits

Affected packages

Mageia:8 / ghostscript

Package

Name
ghostscript
Purl
pkg:rpm/mageia/ghostscript?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.53.3-2.4.mga8

Ecosystem specific

{
    "section": "core"
}