CVE-2023-38559: Ghostscript: out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in dos
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
Security readout for executives and security teams
Plain-English summary
CVE-2023-38559 is a Ghostscript flaw that can crash processing when a crafted PDF is handled for a DEVN device. The documented impact is denial of service, not data theft or remote code execution. Business urgency is highest where servers automatically process untrusted PDFs or images using Ghostscript.
Executive priority
Schedule remediation in the next normal patch cycle, sooner for public-facing or business-critical document-processing services. The risk is mainly service disruption from crafted files, with no confirmed active exploitation in the provided sources.
Technical view
The issue is an out-of-bounds read/buffer overflow in base/gdevdevn.c within devn_pcx_write_rle(). Red Hat rates it Medium with CVSS 5.5: local attack vector, low complexity, no privileges, user interaction required, and high availability impact. Listed affected packages include ghostscript on RHEL 8 and 9 and gimp flatpak/ghostscript on RHEL 8.
Likely exposure
Exposure is most likely on Linux systems running affected Ghostscript packages, especially automated document conversion, print, scanning, or image-processing workflows that accept PDFs from users or external parties. Red Hat lists RHEL 8 and 9 ghostscript as affected; RHEL 6 and 7 status is unknown in the provided data.
Exploitation context
The sources describe local exploitation requiring a crafted PDF and user interaction with gs output to a DEVN device. CISA KEV status is false in the provided bundle, and no cited source states active exploitation. Treat this as a reliability and service-availability risk rather than a confirmed breach-enabling issue.
Researcher notes
The public record links the flaw to Ghostscript bug 706897 and commit d81b82c70bc1. There is some wording inconsistency: the description says buffer overflow, while CWE is CWE-125 out-of-bounds read. Validate against vendor package metadata rather than assuming all Ghostscript builds are affected.
Mitigation direction
Apply the relevant Ghostscript updates from Red Hat advisories RHSA-2023:6544 and RHSA-2023:7053.
Update Fedora, Debian LTS, or other distributions using their referenced security advisories.
Restrict automated Ghostscript processing of untrusted PDFs until patched.
For unsupported or unclear versions, check the vendor’s current Ghostscript guidance.
Validation and detection
Inventory systems with ghostscript or gimp flatpak/ghostscript installed.
Compare installed package versions against vendor advisories for your distribution.
Identify services that automatically process user-supplied PDFs through Ghostscript.
Confirm patched packages are deployed after maintenance.
Review logs for repeated Ghostscript crashes in document-processing workflows.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-125: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-125 · source CWE mapping
Out-of-bounds Read
Out-of-bounds Read represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.