CVE-2023-4042 : A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was n

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

Published 2023-08-23 13:15:08

Updated 2023-12-27 22:04:29

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2023-4042

Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian » Version: 8.0 Ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems » Version: 8.0 S390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
Matching versions
Redhat » Codeready Linux Builder » Version: 8.0
cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Codeready Linux Builder For Ibm Z Systems » Version: 8.0 S390x
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
Matching versions
Redhat » Codeready Linux Builder For Power Little Endian » Version: 8.0 Ppc64le
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Arm 64 » Version: 8.0 Aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
Matching versions
Redhat » Codeready Linux Builder For Arm64 » Version: 8.0 Aarch64
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*
Matching versions
Artifex » Ghostscript
Versions before (<) 9.51
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-4042

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-4042

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	Red Hat, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-4042

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: secalert@redhat.com (Secondary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-4042

https://access.redhat.com/security/cve/CVE-2023-4042

CVE-2023-4042- Red Hat Customer Portal
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2228151

2228151 – (CVE-2023-4042) CVE-2023-4042 ghostscript: Incomplete fix for CVE-2020-16305
Issue Tracking;Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7053

RHSA-2023:7053 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1870257

1870257 – (CVE-2020-16305) CVE-2020-16305 ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS
Issue Tracking;Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-4042

Products affected by CVE-2023-4042

Exploit prediction scoring system (EPSS) score for CVE-2023-4042

CVSS scores for CVE-2023-4042

CWE ids for CVE-2023-4042

References for CVE-2023-4042