Description
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
References (10)
Core 10
Core References
Exploit, Vendor Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=706494
Release Notes
https://ghostscript.readthedocs.io/en/latest/News.html
Patch
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html
Third Party Advisory vendor-advisory
https://www.debian.org/security/2023/dsa-5383
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202309-03
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2023/04/12/4
Scores
CVSS v3
9.8
EPSS
0.3076
EPSS Percentile
96.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (3)
artifex/ghostscript
< 10.01.0
debian/debian_linux
10.0
debian/debian_linux
11.0
Published
Mar 31, 2023
Tracked Since
Feb 18, 2026