2253365 – (CVE-2023-46751) CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()

Bug 2253365 (CVE-2023-46751) - CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()

Summary: CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()

Keywords:
Status:	NEW
Alias:	CVE-2023-46751
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2253366
Blocks:	2253353
TreeView+	depends on / blocked

Reported:	2023-12-06 22:00 UTC by Robb Gatica
Modified:	2024-03-13 11:28 UTC (History)
CC List:	1 user (show)
Fixed In Version:	ghostscript 10.02.1
Doc Type:	---
Doc Text:	A flaw was found in Ghostscript. A remote attacker may use a specially crafted payload to trigger access to previously freed memory, which can potentially lead to remote code execution or an application crash.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Robb Gatica 2023-12-06 22:00:15 UTC

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

https://bugs.ghostscript.com/show_bug.cgi?id=707264
https://ghostscript.com/
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=dcdbc595c13c9d11d235702dff46bb74c80f7698

Comment 1 Robb Gatica 2023-12-06 22:00:33 UTC

Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 2253366]

Comment 3 Michael J Gruber 2023-12-09 16:18:44 UTC

That commit has been backported as commit 5d2da96e81c7455338302c71a291088a8396245a which is contained in gs 10.02.1.

Note You need to log in before you can comment on or make changes to this bug.