Search for vulnerabilities
Vulnerability details: VCID-mq7g-44dd-qbbf
Vulnerability ID VCID-mq7g-44dd-qbbf
Aliases CVE-2023-38560
Summary An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38560.json
cvssv3.1 5.5 https://access.redhat.com/security/cve/CVE-2023-38560
ssvc Track https://access.redhat.com/security/cve/CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-38560
cvssv3.1 5.5 https://bugs.ghostscript.com/show_bug.cgi?id=706898
ssvc Track https://bugs.ghostscript.com/show_bug.cgi?id=706898
cvssv3.1 5.5 https://bugzilla.redhat.com/show_bug.cgi?id=2224368
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2224368
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.5 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
ssvc Track https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2023-38560
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38560.json
https://api.first.org/data/v1/epss?cve=CVE-2023-38560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38560
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2023-38560 https://access.redhat.com/security/cve/CVE-2023-38560
CVE-2023-38560 https://nvd.nist.gov/vuln/detail/CVE-2023-38560
?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
show_bug.cgi?id=2224368 https://bugzilla.redhat.com/show_bug.cgi?id=2224368
show_bug.cgi?id=706898 https://bugs.ghostscript.com/show_bug.cgi?id=706898
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38560.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2023-38560
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T18:44:07Z/ Found at https://access.redhat.com/security/cve/CVE-2023-38560
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bugs.ghostscript.com/show_bug.cgi?id=706898
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T18:44:07Z/ Found at https://bugs.ghostscript.com/show_bug.cgi?id=706898
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2224368
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T18:44:07Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2224368
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T18:44:07Z/ Found at https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38560
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.02941
EPSS Score 0.00018
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:33:31.016762+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/38xxx/CVE-2023-38560.json 37.0.0