CVE-2015-3228
Description
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.967
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| PostScript and PDF interpreter (USN-2697-1) libgs9_9.15+dfsg-0ubuntu2.1_i386.deb | Linux |
| PostScript and PDF interpreter (USN-2697-1) libgs9_9.15+dfsg-0ubuntu2.1_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-2697-1) libgs9_9.10~dfsg-0ubuntu10.4_i386.deb | Linux |
| ghostscript security update(DSA-3326-1) ghostscript_9.06~dfsg-2+deb8u1_i386.deb | Linux |
| ghostscript security update(DSA-3326-1) ghostscript_9.06~dfsg-2+deb8u1_amd64.deb | Linux |
| SUSE-SU-2016:0884-1(SUSE Linux Enterprise Desktop 12 ) ghostscript-9.15-6.5.x86_64.rpm | Linux |
| SUSE-SU-2016:0884-1(SUSE Linux Enterprise Desktop 12 ) ghostscript-debuginfo-9.15-6.5.x86_64.rpm | Linux |
| SUSE-SU-2016:0884-1(SUSE Linux Enterprise Desktop 12 ) ghostscript-debugsource-9.15-6.5.x86_64.rpm | Linux |
| SUSE-SU-2016:0884-1(SUSE Linux Enterprise Desktop 12 ) ghostscript-x11-9.15-6.5.x86_64.rpm | Linux |
| SUSE-SU-2016:0884-1(SUSE Linux Enterprise Desktop 12 ) ghostscript-x11-debuginfo-9.15-6.5.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234