Search for vulnerabilities
Vulnerability details: VCID-yxgx-pr1m-rfhb
Vulnerability ID VCID-yxgx-pr1m-rfhb
Aliases CVE-2023-43115
Summary In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-94 Improper Control of Generation of Code ('Code Injection')
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43115.json
epss 0.09902 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.09902 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.09902 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.20058 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.20058 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.20058 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.20058 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.20058 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.20058 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.20058 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.20058 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.20058 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.20058 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
epss 0.20058 https://api.first.org/data/v1/epss?cve=CVE-2023-43115
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-43115
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43115.json
https://api.first.org/data/v1/epss?cve=CVE-2023-43115
https://bugs.ghostscript.com/show_bug.cgi?id=707051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43115
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://ghostscript.com/
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/
2241108 https://bugzilla.redhat.com/show_bug.cgi?id=2241108
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
CVE-2023-43115 https://nvd.nist.gov/vuln/detail/CVE-2023-43115
RHSA-2023:5868 https://access.redhat.com/errata/RHSA-2023:5868
RHSA-2023:6265 https://access.redhat.com/errata/RHSA-2023:6265
RHSA-2023:6732 https://access.redhat.com/errata/RHSA-2023:6732
USN-6433-1 https://usn.ubuntu.com/6433-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43115.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-43115
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.92744
EPSS Score 0.09902
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:35:56.196683+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6433-1/ 37.0.0