CVE-2023-46751: 
Ghostscript vulnerability analysis and mitigation

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through version 10.02.0. The vulnerability, identified as CVE-2023-46751, allows remote attackers to crash the application via a dangling pointer. This security flaw was discovered in late 2023 and affects all Ghostscript/GhostPDL versions prior to 10.02.1 (Ghostscript Blog).

The vulnerability is classified as a Use After Free (CWE-416) issue. It received a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability characteristics indicate that it is network-accessible, requires low attack complexity, needs no privileges or user interaction, and has a high impact on availability (NVD).

The vulnerability primarily affects the availability of the system, with no direct impact on confidentiality or integrity. When exploited, it can cause the application to crash through access to previously freed memory, potentially leading to service disruption (NVD).

The vulnerability has been fixed in Ghostscript version 10.02.1. Various Linux distributions have released security updates to address this issue, including Ubuntu (version 10.02.1~dfsg1-0ubuntu1 for 24.04 LTS) and Debian (version 10.0.0~dfsg-11+deb12u3). Users are strongly recommended to upgrade to the patched versions (Debian Security, Ubuntu CVE).