Fluid Attacks Database

Description

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	ghostscript	=10.0.0~dfsg-1 \|\| =10.0.0~dfsg-10 \|\| =10.0.0~dfsg-11 \|\| =10.0.0~dfsg-2 \|\| =10.0.0~dfsg-3 \|\| =10.0.0~dfsg-4 \|\| =10.0.0~dfsg-5 \|\| =10.0.0~dfsg-6 \|\| =10.0.0~dfsg-7 \|\| =10.0.0~dfsg-8 \|\| =10.0.0~dfsg-9 \|\| =10.01.2~dfsg-1 \|\| =10.02.0~dfsg-1 \|\| =10.02.0~dfsg-2 \|\| =10.02.1~dfsg-1 \|\| =10.02.1~dfsg-2 \|\| =10.02.1~dfsg-3 \|\| =10.03.0~dfsg-1 \|\| =10.03.1~dfsg-1 \|\| =10.03.1~dfsg-2 \|\| =10.03.1~dfsg~git20240518-1 \|\| =10.04.0~dfsg-1 \|\| =10.04.0~dfsg-2 \|\| =10.05.0~dfsg-1 \|\| =10.05.1~dfsg-1 \|\| =10.05.1~dfsg-2 \|\| =10.05.1~dfsg-3 \|\| =10.06.0~dfsg-1 \|\| =10.06.0~dfsg-2 \|\| =10.06.0~dfsg-3 \|\| =10.07.0~dfsg-1 \|\| =10.07.0~dfsg-2 \|\| =9.53.3~dfsg-7 \|\| =9.53.3~dfsg-7+deb11u1 \|\| =9.53.3~dfsg-7+deb11u10 \|\| =9.53.3~dfsg-7+deb11u11 \|\| =9.53.3~dfsg-7+deb11u2 \|\| =9.53.3~dfsg-7+deb11u3 \|\| =9.53.3~dfsg-7+deb11u4 \|\| =9.53.3~dfsg-7+deb11u5 \|\| =9.53.3~dfsg-7+deb11u6 \|\| =9.53.3~dfsg-7+deb11u7 \|\| =9.53.3~dfsg-7+deb11u8 \|\| =9.53.3~dfsg-7+deb11u9 \|\| =9.53.3~dfsg-8 \|\| =9.54.0~dfsg-1 \|\| =9.54.0~dfsg-2 \|\| =9.54.0~dfsg-3 \|\| =9.54.0~dfsg-4 \|\| =9.54.0~dfsg-5 \|\| =9.55.0~dfsg-1 \|\| =9.55.0~dfsg-2 \|\| =9.55.0~dfsg-3 \|\| =9.55.0~~rc1~dfsg-1 \|\| =9.56.0~dfsg-1 \|\| =9.56.0~~rc1~dfsg-1 \|\| =9.56.0~~rc2~dfsg-1 \|\| =9.56.1~dfsg-1	-
debian 12	ghostscript	=10.0.0~dfsg-11 \|\| =10.0.0~dfsg-11+deb12u1 \|\| =10.0.0~dfsg-11+deb12u2 \|\| =10.0.0~dfsg-11+deb12u3 \|\| =10.0.0~dfsg-11+deb12u4 \|\| =10.0.0~dfsg-11+deb12u5 \|\| =10.0.0~dfsg-11+deb12u6 \|\| =10.0.0~dfsg-11+deb12u7 \|\| =10.0.0~dfsg-11+deb12u8 \|\| =10.01.2~dfsg-1 \|\| =10.02.0~dfsg-1 \|\| =10.02.0~dfsg-2 \|\| =10.02.1~dfsg-1 \|\| =10.02.1~dfsg-2 \|\| =10.02.1~dfsg-3 \|\| =10.03.0~dfsg-1 \|\| =10.03.1~dfsg-1 \|\| =10.03.1~dfsg-2 \|\| =10.03.1~dfsg~git20240518-1 \|\| =10.04.0~dfsg-1 \|\| =10.04.0~dfsg-2 \|\| =10.05.0~dfsg-1 \|\| =10.05.1~dfsg-1 \|\| =10.05.1~dfsg-2 \|\| =10.05.1~dfsg-3 \|\| =10.06.0~dfsg-1 \|\| =10.06.0~dfsg-2 \|\| =10.06.0~dfsg-3 \|\| =10.07.0~dfsg-1 \|\| =10.07.0~dfsg-2	-
debian 13	ghostscript	>=0 <10.02.0~dfsg-1	10.02.0~dfsg-1
debian 14	ghostscript	>=0 <10.02.0~dfsg-1	10.02.0~dfsg-1
rpm rhel6	ghostscript	-	-
rpm rhel7	ghostscript	-	-

Aliases

1. CVE-2023-385602. NVD-2023-385603. OSV-DEBIAN-2023-385604. OSV-2023-385605. SECURITY-TRACKER-CVE-2023-38560

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.