Description
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.
References (4)
Core 4
Core References
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1870257
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7053
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-4042
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2228151
Scores
CVSS v3
5.5
EPSS
0.0004
EPSS Percentile
10.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
CWE-787
Status
published
Products (9)
artifex/ghostscript
< 9.51
redhat/codeready_linux_builder
8.0
redhat/codeready_linux_builder_for_arm64
8.0_aarch64
redhat/codeready_linux_builder_for_ibm_z_systems
8.0_s390x
redhat/codeready_linux_builder_for_power_little_endian
8.0_ppc64le
redhat/enterprise_linux
8.0
redhat/enterprise_linux_for_arm_64
8.0_aarch64
redhat/enterprise_linux_for_ibm_z_systems
8.0_s390x
redhat/enterprise_linux_for_power_little_endian
8.0_ppc64le
Published
Aug 23, 2023
Tracked Since
Feb 18, 2026