Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-1350

Опубликовано: 14 апр. 2022
Источник: debian
EPSS Низкий

Описание

A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ghostscriptfixed10.0.0~dfsg-3package

Примечания

  • https://vuldb.com/?id.197290

  • https://bugs.ghostscript.com/show_bug.cgi?id=705156

  • https://bugs.ghostscript.com/attachment.cgi?id=22323

  • Issue is in GhostPCL sourcewise shipped in src:ghostscript

  • Upstream report is as per 2022-04-15 not yet public

  • Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e1134d375e2ca176068e19a2aa9b040baffe1c22

  • Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2dbc87e52c59f3845bdb6eca5bc982c7f51564ce

EPSS

Процентиль: 53%
0.00305
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-1350

CVSS3: 4.3
ubuntu
почти 4 года назад

A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.

redhat логотип

CVE-2022-1350

CVSS3: 4.3
redhat
почти 4 года назад

A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.

nvd логотип

CVE-2022-1350

CVSS3: 4.3
nvd
почти 4 года назад

A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.

github логотип

GHSA-jpg4-pmwv-rq38

CVSS3: 7.8
github
почти 4 года назад

A vulnerability classified as problematic was found in Ghostscript 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.

fstec логотип

BDU:2023-09081

CVSS3: 7.5
fstec
почти 4 года назад

Уязвимость функции chunk_free_object компонента gsmchunk.c набора программного обеспечения обработки документов Ghostscript, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 53%
0.00305
Низкий