CVE-2023-4042

Ghostscript: incomplete fix for cve-2020-16305

Published: 8/23/2023 Last updated: 7/1/2025 Reserved: 8/1/2023

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	5.5	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Opam packages affected (1)

conf-ghostscript

Products affected (10)

Product	Vendor	Version
Red Hat Enterprise Linux 9	Red Hat	7.0.2
Red Hat Enterprise Linux 6	Red Hat	23.0 ap378153
Red Hat Enterprise Linux 7	Red Hat	< 17.4R3-S5
Red Hat Enterprise Linux 7	Red Hat	7.0.0
Red Hat Enterprise Linux 8	Red Hat	9.14.4.22
Red Hat Enterprise Linux 9	Red Hat	23.0 ap383754
Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Enterprise Linux 6	Red Hat	< 6.2.9200.23347
Red Hat Enterprise Linux 8	Red Hat	9.14.4.23
Red Hat Enterprise Linux 8	Red Hat	n/a

CVE-2023-4042

Ghostscript: incomplete fix for cve-2020-16305

Metrics

Opam packages affected (1)

Products affected (10)

References (16)