out of date Ghostscript in Paperless-NGX

scooke

HI,
I'm processing a bunch of PDFs at in the logs there is this message

The installed version of Ghostscript 9.55.0, contains a remote code execution security vulnerability. Please upgrade to a newer version. For details see CVE-2023-43115. The issue is not known to affect OCRmyPDF or processing PDFs with Ghostscript, but upgrading Ghostscript is recommended.
Dec 30 21:38:12[2023-12-30 20:38:12,849] [INFO] [ocrmypdf._pipelines.ocr] Start processing 12 pages concurrently

However, I thought I saw in the updates for this app that Ghostscript was updated to 10.x.x. Is this needing to be fixed? Thanks!

girish

They don't seem o have made their way into Ubuntu atleast. I could also not figure where this error message is coming from. Cannot find it any code repo.

Even Ubuntu 23.10 only has older gs. Probably not important.

$ gs --version
10.01.2

girish

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43115 is the CVE and also appears in security advisory in https://www.ghostscript.com/