Cyber Resilience

CVE-2023-43115

High

Published: 18 September 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.2168 (95.9th percentile)
Risk Priority: 31 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-43115 is a high-severity vulnerability with an unspecified weakness class, affecting Artifex Ghostscript and Fedoraproject Fedora. Its CVSS base score is 8.8 (High).

Operationally, it is ranked in the top 4.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

In Artifex Ghostscript through version 10.01.2, the gdevijs.c component of GhostPDL permits remote code execution when processing crafted PostScript documents. The flaw arises because a document can activate the IJS device or modify the IjsServer parameter even after the SAFER sandbox has been enabled, bypassing its intended restrictions on external command execution.

An unauthenticated remote attacker can deliver a malicious PostScript file that triggers the vulnerability when it is opened or processed by a vulnerable Ghostscript installation. Successful exploitation allows arbitrary command execution on the target system with the privileges of the Ghostscript process. This is consistent with the CVSS 8.8 rating, whose vector reflects a network attack vector, low complexity, no privileges required, required user interaction, and high impact on confidentiality, integrity, and availability.

Public references point to a corrective commit in the GhostPDL repository and subsequent package updates distributed by Fedora, indicating that mitigation consists of upgrading to a patched Ghostscript release that prevents post-SAFER changes to the IJS configuration. The associated EPSS score has remained at 0.2168 with no material increase observed after disclosure.

EU & UK References

Vulnerability details

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: artifex, Product: ghostscript, Versions: ≤ 10.01.2
Vendor: fedoraproject, Product: fedora, Versions: 38, 39

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References