Search for vulnerabilities
Vulnerability details: VCID-va2m-qd9m-8ye8
Vulnerability ID VCID-va2m-qd9m-8ye8
Aliases CVE-2023-28879
Summary In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 8.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28879.json
epss 0.15384 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.15384 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.15384 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
epss 0.3164 https://api.first.org/data/v1/epss?cve=CVE-2023-28879
cvssv3.1 9.8 https://bugs.ghostscript.com/show_bug.cgi?id=706494
ssvc Track* https://bugs.ghostscript.com/show_bug.cgi?id=706494
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://ghostscript.readthedocs.io/en/latest/News.html
ssvc Track* https://ghostscript.readthedocs.io/en/latest/News.html
cvssv3.1 9.8 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179
ssvc Track* https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179
cvssv3.1 9.8 https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html
ssvc Track* https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/
ssvc Track* https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/
ssvc Track* https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/
ssvc Track* https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-28879
cvssv3.1 9.8 https://security.gentoo.org/glsa/202309-03
ssvc Track* https://security.gentoo.org/glsa/202309-03
cvssv3.1 9.8 https://www.debian.org/security/2023/dsa-5383
ssvc Track* https://www.debian.org/security/2023/dsa-5383
cvssv3.1 9.8 http://www.openwall.com/lists/oss-security/2023/04/12/4
ssvc Track* http://www.openwall.com/lists/oss-security/2023/04/12/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28879.json
https://api.first.org/data/v1/epss?cve=CVE-2023-28879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28879
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1033757 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033757
202309-03 https://security.gentoo.org/glsa/202309-03
2184585 https://bugzilla.redhat.com/show_bug.cgi?id=2184585
4 http://www.openwall.com/lists/oss-security/2023/04/12/4
CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVE-2023-28879 https://nvd.nist.gov/vuln/detail/CVE-2023-28879
DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/
dsa-5383 https://www.debian.org/security/2023/dsa-5383
MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/
msg00003.html https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html
News.html https://ghostscript.readthedocs.io/en/latest/News.html
?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179
RHSA-2023:6544 https://access.redhat.com/errata/RHSA-2023:6544
RHSA-2023:7053 https://access.redhat.com/errata/RHSA-2023:7053
show_bug.cgi?id=706494 https://bugs.ghostscript.com/show_bug.cgi?id=706494
USN-6017-1 https://usn.ubuntu.com/6017-1/
USN-6017-2 https://usn.ubuntu.com/6017-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28879.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugs.ghostscript.com/show_bug.cgi?id=706494
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-14T19:29:27Z/ Found at https://bugs.ghostscript.com/show_bug.cgi?id=706494
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ghostscript.readthedocs.io/en/latest/News.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-14T19:29:27Z/ Found at https://ghostscript.readthedocs.io/en/latest/News.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-14T19:29:27Z/ Found at https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-14T19:29:27Z/ Found at https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-14T19:29:27Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-14T19:29:27Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHJX62KSRIOBZA6FKONMJP7MEFY7LTH2/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-14T19:29:27Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADLP3GWJFLLFVNZGEDNPMDQR6CCXAHN/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-28879
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202309-03
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-14T19:29:27Z/ Found at https://security.gentoo.org/glsa/202309-03
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2023/dsa-5383
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-14T19:29:27Z/ Found at https://www.debian.org/security/2023/dsa-5383
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/04/12/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-14T19:29:27Z/ Found at http://www.openwall.com/lists/oss-security/2023/04/12/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.94389
EPSS Score 0.15384
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:30:36.327449+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.16/main.json 37.0.0