CVE-2023-4042

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-4042
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2023:7053 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4042 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1870257 Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2228151 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-08-23 13:15

Updated : 2023-12-27 22:04

NVD link : CVE-2023-4042

Mitre link : CVE-2023-4042

CVE.ORG link : CVE-2023-4042

JSON object : View

Products Affected

artifex

  • ghostscript

redhat

  • codeready_linux_builder_for_ibm_z_systems
  • codeready_linux_builder_for_power_little_endian
  • codeready_linux_builder
  • enterprise_linux
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_for_arm_64
  • enterprise_linux_for_ibm_z_systems
  • codeready_linux_builder_for_arm64
CWE
CWE-787

Out-of-bounds Write

CWE-125

Out-of-bounds Read