{
  "threat_severity" : "Low",
  "public_date" : "2023-08-23T00:00:00Z",
  "bugzilla" : {
    "description" : "ghostscript: Incomplete fix for CVE-2020-16305",
    "id" : "2228151",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2228151"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-125",
  "details" : [ "A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in the RHSA-2021:1852-06 advisory, even though it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.", "A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in the RHSA-2021:1852-06 advisory, even though it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8." ],
  "statement" : "CVE-2020-16305 affected Red Hat Enterprise Linux 6, 7, and 8, but was only intended to be fixed in Red Hat Enterprise Linux 8 (https://access.redhat.com/errata/RHSA-2021:1852, Red Hat Enterprise Linux 8.4).\nThat erratum provided updates for ghostscript packages, but did not include fixes for CVE-2020-16305, contrary to what was claimed. For more details about the original security issue CVE-2020-16305, refer to the CVE page: https://access.redhat.com/security/cve/CVE-2020-16305.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7053",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "ghostscript-0:9.27-11.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "ghostscript",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "ghostscript",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "gimp:flatpak/ghostscript",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "ghostscript",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-4042\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4042\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1870257" ],
  "name" : "CVE-2023-4042",
  "csaw" : false
}