CVE-2023-28879
Published: 31 March 2023
Summary
CVE-2023-28879 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Debian Linux. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 3.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-28879 is a buffer overflow vulnerability in Artifex Ghostscript through version 10.01.0, located in base/sbcp.c. It affects the BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode functions within the PostScript interpreter. The flaw occurs when a write buffer reaches one byte less than capacity and an escaped character is subsequently written, resulting in two bytes being written and potential corruption of internal interpreter data. The issue is tracked under CWE-787 and carries a CVSS 3.1 score of 9.8.
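The off-by-one described above, reduced to a minimal C sketch (an added example, not code from Ghostscript or from this page): a simplified escape encoder whose flawed variant checks for one free byte and then writes two, next to a variant that checks the full length before writing. The names `encode_unchecked`, `encode_checked` and `canary_clobbered`, the `ESC`/`MASK` constants and the escape rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
/* Simplified escape encoder for illustration; not Ghostscript's sbcp.c.
 * ESC, MASK and the escape rule are assumed constants. */
#define ESC  0x01
#define MASK 0x40
#define NEEDS_ESCAPE(c) ((c) < 0x20)
typedef unsigned char u8;
typedef size_t (*encoder_fn)(const u8 *, size_t, u8 *, size_t);

/* Flawed pattern: checks room for one byte, then may write two. */
size_t encode_unchecked(const u8 *in, size_t n, u8 *out, size_t limit)
{
    size_t w = 0;
    for (size_t i = 0; i < n && w < limit; i++) {
        if (NEEDS_ESCAPE(in[i])) {
            out[w++] = ESC;
            out[w++] = (u8)(in[i] ^ MASK);   /* can land at out[limit] */
        } else {
            out[w++] = in[i];
        }
    }
    return w;
}

/* Hardened pattern: compute the bytes needed before writing any. */
size_t encode_checked(const u8 *in, size_t n, u8 *out, size_t limit)
{
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        size_t need = NEEDS_ESCAPE(in[i]) ? 2 : 1;
        if (limit - w < need) break;         /* caller flushes, then resumes */
        if (need == 2)
            out[w++] = ESC;
        out[w++] = (need == 2) ? (u8)(in[i] ^ MASK) : in[i];
    }
    return w;
}

/* Logical limit is 8 inside a 9-byte array, so buf[8] is a canary and the
 * stray write stays inside real storage. The input bytes are constructed. */
int canary_clobbered(encoder_fn enc)
{
    const u8 in[8] = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 0x03};
    u8 buf[9];
    memset(buf, 0xAA, sizeof buf);
    enc(in, sizeof in, buf, 8);
    return buf[8] != 0xAA;
}
```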
Remote attackers without authentication or user interaction can exploit the vulnerability over a network to corrupt interpreter state, which may lead to impacts on confidentiality, integrity, and availability. Successful exploitation requires an attacker to supply input that triggers the affected encoding or decoding routines during PostScript processing.
Advisories and patches referenced in the Ghostscript commit history, Debian LTS announcements, and oss-security lists indicate that the issue is resolved in later releases, with the fix available via the referenced git commit and updated packages. The EPSS score reached a peak of 0.3422 with a current value of 0.2776, indicating moderate post-disclosure interest in exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-32499
Vulnerability details
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.