What is CVE-2023-36664?

CVE-2023-36664 is a high-severity vulnerability affecting Artifex Ghostscript, Debian Linux, and Fedora systems. This vulnerability involves mishandling of permission validation for pipe devices, which could lead to unauthorized access and potential security risks.

Who is impacted by this?

Systems running affected versions of Artifex Ghostscript, Debian Linux, and Fedora are at risk and should take appropriate measures to address this issue. If you are using any of these affected versions, it is important to be aware of this vulnerability and take appropriate measures to address it.

What should I do if I’m affected?

If you're affected by the CVE-2023-36664 vulnerability, it's important to take action to protect your system. Here's a simple guide to help you:

1. Update Artifex Ghostscript to the latest version, if applicable.

2. For Debian Linux users, keep your system updated with the latest security patches.

3. Fedora users should update the ghostscript package to version 9.56.1-8.fc37.

4. Regularly monitor security advisories for any new information or updates.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-36664 vulnerability, which affects Artifex Ghostscript, Debian Linux, and Fedora systems, is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as NVD-CWE-Other, indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources below.

• NVD - CVE-2023-36664

• Bugzilla (Access Denied)

• Fedora 37 Update: ghostscript-9.56.1-8.fc37