CVE-2023-4042: 
Ghostscript vulnerability analysis and mitigation

A flaw was discovered in the ghostscript package where the fix for CVE-2020-16305 was not properly included in the RHSA-2021:1852-06 advisory as previously claimed. This vulnerability, identified as CVE-2023-4042, specifically affects the ghostscript package as distributed with Red Hat Enterprise Linux 8. The issue was discovered in 2023 and was later addressed through RHSA-2023:7053 (Red Hat Advisory).

The vulnerability is related to an incomplete fix for a previous buffer overflow vulnerability (CVE-2020-16305) in the pcxwriterle() function in contrib/japanese/gdev10v.c. The original vulnerability allowed for potential out-of-bounds pointer dereferencing due to incorrect if statement conditional ordering. The CVSS v3.1 base score for this vulnerability is 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

The vulnerability primarily affects system availability, with no direct impact on confidentiality or integrity. The CVSS scoring indicates that successful exploitation could lead to high availability impact, though it requires local access and user interaction (Red Hat Advisory).

Red Hat has addressed this vulnerability by releasing an update through RHSA-2023:7053. Users are advised to update their ghostscript packages to version 9.27-11.el8. The fix is available for various architectures including x86_64, s390x, ppc64le, and aarch64 (Red Hat Advisory).