diff -Nru ghostscript-10.0.0~dfsg1/debian/changelog ghostscript-10.0.0~dfsg1/debian/changelog
--- ghostscript-10.0.0~dfsg1/debian/changelog 2023-07-05 16:45:07.000000000 +0000
+++ ghostscript-10.0.0~dfsg1/debian/changelog 2023-08-15 10:25:30.000000000 +0000
@@ -1,3 +1,12 @@
+ghostscript (10.0.0~dfsg1-0ubuntu1.3) lunar-security; urgency=medium
+
+ * SECURITY UPDATE: buffer overflow
+ - debian/patches/CVE-2023-38559.patch: bounds check the buffer prior to
+ deferencing the pointer in devn_pcx_write_rle() in base/gdevdevn.c.
+ - CVE-2023-38559
+
+ -- Allen Huang Tue, 15 Aug 2023 11:25:30 +0100
+
 ghostscript (10.0.0~dfsg1-0ubuntu1.2) lunar-security; urgency=medium
 
 * SECURITY UPDATE: incorrect permission validation for pipe devices
diff -Nru ghostscript-10.0.0~dfsg1/debian/patches/CVE-2023-38559.patch ghostscript-10.0.0~dfsg1/debian/patches/CVE-2023-38559.patch
--- ghostscript-10.0.0~dfsg1/debian/patches/CVE-2023-38559.patch 1970-01-01 00:00:00.000000000 +0000
+++ ghostscript-10.0.0~dfsg1/debian/patches/CVE-2023-38559.patch 2023-08-15 10:24:52.000000000 +0000
@@ -0,0 +1,24 @@
+From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001
+From: Chris Liddell
+Date: Mon, 17 Jul 2023 14:06:37 +0100
+Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
+ devices/gdevpcx.c
+
+Bounds check the buffer, before dereferencing the pointer.
+---
+ base/gdevdevn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: ghostscript-10.0.0~dfsg1/base/gdevdevn.c
+===================================================================
+--- ghostscript-10.0.0~dfsg1.orig/base/gdevdevn.c
++++ ghostscript-10.0.0~dfsg1/base/gdevdevn.c
+@@ -1950,7 +1950,7 @@ devn_pcx_write_rle(const byte * from, co
+ byte data = *from;
+
+ from += step;
+- if (data != *from || from == end) {
++ if (from >= end || data != *from) {
+ if (data >= 0xc0)
+ gp_fputc(0xc1, file);
+ } else {
diff -Nru ghostscript-10.0.0~dfsg1/debian/patches/series ghostscript-10.0.0~dfsg1/debian/patches/series
--- ghostscript-10.0.0~dfsg1/debian/patches/series 2023-07-05 16:45:00.000000000 +0000
+++ ghostscript-10.0.0~dfsg1/debian/patches/series 2023-08-15 10:24:43.000000000 +0000
@@ -14,3 +14,4 @@
 CVE-2023-28879-post.patch
 CVE-2023-36664-1.patch
 CVE-2023-36664-2.patch
+CVE-2023-38559.patch
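Review bot: In the base/gdevdevn.c hunk carried by debian/patches/CVE-2023-38559.patch, the new condition `if (from >= end || data != *from)` is safe only because `||` short-circuits before `*from` is read, and nothing in the code records that. A one-line comment above it, e.g. `/* Bounds check first: after from += step the pointer may be at or past end and must not be dereferenced. */`, would keep a later cleanup from swapping the operands back into an out-of-bounds read. Switching `==` to `>=` also covers a `from` that jumps over `end` when step is larger than 1, which the old equality test would miss. devn_pcx_write_rle() starts and ends outside the hunk, so the else branch should be checked for any other `*from` read that is not preceded by the same bounds test.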