CVE-2021-45949

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

History

15 Jan 2022, 00:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html -

10 Jan 2022, 14:11

Type Values Removed Values Added
CVSS v2 : 2.1
v3 : 5.5
v2 : 4.3
v3 : 5.5
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5038 -

07 Jan 2022, 18:43

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : 2.1
v3 : 5.5
First Time Artifex
Artifex ghostscript
References (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 - (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 - Exploit, Issue Tracking, Third Party Advisory
References (MISC) https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml - (MISC) https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml - Third Party Advisory
References (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 - (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 - Patch, Third Party Advisory
CPE cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

01 Jan 2022, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-01 00:15

Updated : 2022-01-15 00:15


NVD link : CVE-2021-45949

Mitre link : CVE-2021-45949


JSON object : View

Products Affected

artifex

  • ghostscript
CWE
CWE-787

Out-of-bounds Write