CVE-2023-43115

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 18, 2023

Updated: Feb 22, 2024

Summary

CVE-2023-43115 is a remote code execution vulnerability affecting Artifex Ghostscript through version 10.01.2. The issue lies in the gdevijs.c component of GhostPDL, which can be exploited through crafted PostScript documents. By manipulating the IJS device or changing the IjsServer parameter, an attacker can bypass the SAFER activation and execute arbitrary code. Notably, the IJS server can be specified on the gs command line, making this a documented risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GhostScript
Fedora Operating System

Affected Vendors

Artifex
Fedora Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/st7ArK
https://www.cve.org/CVERecord?id=CVE-2023-43115
https://nvd.nist.gov/vuln/detail/CVE-2023-43115

Back to Vulnerability Database