CVE-2023-43115
Published: 18 September 2023
Summary
CVE-2023-43115 is a high-severity vulnerability of unspecified weakness type in Fedoraproject Fedora. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 4.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
In Artifex Ghostscript through version 10.01.2, the gdevijs.c component of GhostPDL permits remote code execution when processing crafted PostScript documents. The flaw arises because a document can activate the IJS device or modify the IjsServer parameter even after the SAFER sandbox has been enabled, bypassing its intended restrictions on external command execution.
An unauthenticated remote attacker can deliver a malicious PostScript file that triggers the vulnerability when opened or processed by a vulnerable Ghostscript installation. Successful exploitation grants the ability to execute arbitrary commands on the target system with the privileges of the Ghostscript process, corresponding to the CVSS 8.8 rating that reflects network attack vector, low complexity, and impacts on confidentiality, integrity, and availability.
Public references point to a corrective commit in the GhostPDL repository and subsequent package updates distributed by Fedora, indicating that mitigation consists of upgrading to a patched Ghostscript release that prevents post-SAFER changes to the IJS configuration. The associated EPSS score has remained at 0.2168 with no material increase observed after disclosure.
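A triage check for the affected range and device described above, as an added example (not code from Artifex, Fedora or this page). It assumes `gs --version` prints a dotted version and `gs -h` prints an "Available devices:" list; the function names are hypothetical. A distribution package can carry the fix under an unchanged upstream version, so confirm the result against the vendor advisory.

```shell
#!/bin/sh
# Added example: triage a Ghostscript install against the range stated
# on this page (through 10.01.2) and check whether the IJS device is built in.

# Returns 0 if the dotted version is <= 10.01.2, 1 if newer, 2 if unparsable.
gs_version_affected() {
    case $1 in ''|*[!0-9.]*) return 2 ;; esac
    printf '%s\n' "$1" | awk -F. '{
        a = $1 + 0; b = $2 + 0; c = $3 + 0      # "01" compares as 1
        if (a != 10) exit !(a < 10)
        if (b != 1)  exit !(b < 1)
        exit !(c <= 2) }'
}

# Reads `gs -h` text on stdin; returns 0 if "ijs" is in the device list.
gs_help_lists_ijs() {
    awk '/^Available devices:/ { in_dev = 1; next }
         /^Search path:/       { in_dev = 0 }
         in_dev { for (i = 1; i <= NF; i++) if ($i == "ijs") found = 1 }
         END { exit !found }'
}

# $1 = version string, $2 = text of `gs -h`; prints a one-line verdict.
assess_gs() {
    rc=0; gs_version_affected "$1" || rc=$?
    case $rc in
        1) echo "version newer than 10.01.2"; return 0 ;;
        2) echo "unparsable version"; return 0 ;;
    esac
    if printf '%s\n' "$2" | gs_help_lists_ijs; then
        echo "affected range, ijs device built in"
    else
        echo "affected range, ijs device not listed"
    fi
}

# Run against the local install when gs is on PATH.
if command -v gs >/dev/null 2>&1; then
    assess_gs "$(gs --version)" "$(gs -h 2>/dev/null)"
fi
```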
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-47536
Vulnerability details
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.