1213634 – (CVE-2023-38560) VUL-0: CVE-2023-38560: ghostscript,ghostscript-library: integer overflow during parsing of a corrupt TrueType font

Bug 1213634 (CVE-2023-38560) - VUL-0: CVE-2023-38560: ghostscript,ghostscript-library: integer overflow during parsing of a corrupt TrueType font

Summary: VUL-0: CVE-2023-38560: ghostscript,ghostscript-library: integer overflow duri...

Status:	RESOLVED FIXED

Alias:	CVE-2023-38560

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Major
Target Milestone:	---
Assignee:	Johannes Meixner
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/373358/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-38560:7.8:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-07-25 10:17 UTC by Carlos López
Modified:	2023-07-25 10:19 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carlos López 2023-07-25 10:17:42 UTC

CVE-2023-38560

An Integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name allows a local attacker to cause a denial of service via a rafted PCL file and tranforming it to PDF format

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38560
https://bugzilla.redhat.com/show_bug.cgi?id=2224368

Comment 1 Carlos López 2023-07-25 10:19:24 UTC

We do not ship the affected code, closing.