CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2085
https://notcve.org/view.php?id=CVE-2022-2085
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. Se ha encontrado una vulnerabilidad de desreferencia de puntero NULL en Ghostscript, que es producida cuando trata de representar un gran número de bits en la memoria. • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=ae1061d948d88667bdf51d47d918c4684d0f67df https://bugs.ghostscript.com/show_bug.cgi?id=704945 https://bugzilla.redhat.com/show_bug.cgi?id=2095261 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERSZX5LKDWAHZWJYBMP2E2UHOPUCDEGV https://security.gentoo.org/glsa/202211-11 https://security.gentoo.org/glsa/202309-03 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-25059
https://notcve.org/view.php?id=CVE-2019-25059
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. Artifex Ghostscript versiones hasta 9.26 maneja inapropiadamente .completefont. NOTA: este problema se presenta debido a una corrección incompleta de CVE-2019-3839 • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=430e219ea17a2650577d70021399c4ead05869e0 https://lists.debian.org/debian-lts-announce/2022/05/msg00000.html •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45944
https://notcve.org/view.php?id=CVE-2021-45944
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). Ghostscript GhostPDL versiones 9.50 hasta 9.53.3, presenta un uso de memoria previamente liberada en la función sampled_data_sample (llamado desde sampled_data_continue e interp). • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30715 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7861fcad13c497728189feafb41cd57b5b50ea25 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml https://github.com/google/oss-fuzz-vulns/issues/16 https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html https://www.debian.org/security/2022/dsa-5038 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45949
https://notcve.org/view.php?id=CVE-2021-45949
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). Ghostscript GhostPDL versiones 9.50 a 9.54.0, presenta un desbordamiento de búfer en la región heap de la memoria en la función sampled_data_finish (llamado desde sampled_data_continue e interp). • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=2a3129365d3bc0d4a41f107ef175920d1505d1f7 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html https://www.debian.org/security/2022/dsa-5038 • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3781
https://notcve.org/view.php?id=CVE-2021-3781
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de escape trivial del sandbox (habilitado con la opción "-dSAFER") en el intérprete de ghostscript al inyectar un comando de tubería especialmente diseñado. Este fallo permite que un documento especialmente diseñado ejecute comandos arbitrarios en el sistema en el contexto del intérprete ghostscript. • https://bugzilla.redhat.com/show_bug.cgi?id=2002271 https://ghostscript.com/CVE-2021-3781.html https://security.gentoo.org/glsa/202211-11 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •