CVE-2023-38560

Publication date 1 August 2023

Last updated 24 July 2024


Ubuntu priority

Negligible

Why this priority?

Cvss 3 Severity Score

5.5 · Medium

Score breakdown

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.

Read the notes from the security team

Why is this CVE negligible priority?

PCL is not built by default, some releases don't include pcl/ dir

Learn more about Ubuntu priority

Status

Package Ubuntu Release Status
ghostscript 23.04 lunar Ignored end of life, was ignored [code not built]
22.04 LTS jammy
Not affected
20.04 LTS focal Ignored code not built
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty Ignored end of standard support

Notes


rodrigo-zaiden

by default, PCL is not built in Ubuntu, this happens with the usage of the build option --without-pcl. most releases don't package pcl/ dir. PCL is not built or packed due to a build issue with system-shared libjpeg. more in https://bugs.ghostscript.com/show_bug.cgi?id=696654

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
ghostscript

Severity score breakdown

Parameter Value
Base score 5.5 · Medium
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H