Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Published

2023-06-25T22:15:21.463

Last Modified

2024-12-05T15:15:07.693

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-Other
Type: Secondary
CWE-552

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	artifex	ghostscript	≤ 10.01.2	Yes
Operating System	debian	debian_linux	11.0	Yes
Operating System	debian	debian_linux	12.0	Yes
Operating System	fedoraproject	fedora	37	Yes
Operating System	fedoraproject	fedora	38	Yes

References

https://bugs.ghostscript.com/show_bug.cgi?id=706761 Issue Tracking, Permissions Required ([email protected])
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d ([email protected])
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/ ([email protected])
https://security.gentoo.org/glsa/202309-03 ([email protected])
https://www.debian.org/security/2023/dsa-5446 Third Party Advisory ([email protected])
https://bugs.ghostscript.com/show_bug.cgi?id=706761 Issue Tracking, Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d (af854a3a-2127-422b-91ae-364da2661108)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202309-03 (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5446 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)