CVE-2023-43115

HIGH

Artifex Ghostscript <= 10.01.2 - Remote Code Execution via IJS Device Parameter Manipulation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-43115. PoCs published by jostaub, manus-use.

Description

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

Exploits (2)

nomisec WRITEUP 8 stars
by jostaub · poc
https://github.com/jostaub/ghostscript-CVE-2023-43115

This repository provides a detailed technical analysis of CVE-2023-43115, explaining how Ghostscript's IJS server parameter can be exploited for arbitrary command execution. It discusses the vulnerability's root cause, the ineffective LockSafetyParams mitigation, and the fix involving the -dSAFER parameter.

Classification: Writeup 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Ghostscript 9.55.0 and earlier
No auth needed
Prerequisites: User interaction to execute a crafted PostScript file or command-line argument
devstral-2 · analyzed Feb 18, 2026

github WORKING POC
by manus-use · postscript · poc
https://github.com/manus-use/cve-pocs/tree/main/ghostscript-CVE-2023-43115

This repository contains functional exploit code for CVE-2017-12617, demonstrating remote code execution via Apache Tomcat's PUT method vulnerability. It includes a Dockerized victim environment and an attack script to upload a web shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Tomcat 9.0.11
No auth needed
Prerequisites: Docker · curl · Apache Tomcat 9.0.11
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3: 8.8
EPSS: 0.2168
EPSS Percentile: 95.9%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status: published
Products (3):
  artifex/ghostscript < 10.01.2
  fedoraproject/fedora 38
  fedoraproject/fedora 39
Published: Sep 18, 2023
Tracked Since: Feb 18, 2026