CVE-2021-45949

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:39

Type Values Removed Values Added
References
  • {'url': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7', 'name': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7', 'tags': ['Patch', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=2a3129365d3bc0d4a41f107ef175920d1505d1f7 -

21 Jan 2022, 14:41

Type Values Removed Values Added
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5038 - (DEBIAN) https://www.debian.org/security/2022/dsa-5038 - Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
First Time Debian
Debian debian Linux

15 Jan 2022, 00:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html -

10 Jan 2022, 14:11

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5038 -
CVSS v2 : 2.1
v3 : 5.5
v2 : 4.3
v3 : 5.5

07 Jan 2022, 18:43

Type Values Removed Values Added
CWE CWE-787
First Time Artifex
Artifex ghostscript
CVSS v2 : unknown
v3 : unknown
v2 : 2.1
v3 : 5.5
CPE cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
References (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 - (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 - Exploit, Issue Tracking, Third Party Advisory
References (MISC) https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml - (MISC) https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml - Third Party Advisory
References (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 - (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 - Patch, Third Party Advisory

01 Jan 2022, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-01 00:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-45949

Mitre link : CVE-2021-45949

CVE.ORG link : CVE-2021-45949


JSON object : View

Products Affected

artifex

  • ghostscript

debian

  • debian_linux
CWE
CWE-787

Out-of-bounds Write