CVE-2021-45944

Опубликовано: 01 янв. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903
Exploit
Issue Tracking
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30715
Third Party Advisory
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7861fcad13c497728189feafb41cd57b5b50ea25
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/issues/16
Issue Tracking
https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html
Mailing List
Third Party Advisory
https://www.debian.org/security/2022/dsa-5038
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903
Exploit
Issue Tracking
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30715
Third Party Advisory
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7861fcad13c497728189feafb41cd57b5b50ea25
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/issues/16
Issue Tracking
https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html
Mailing List
Third Party Advisory
https://www.debian.org/security/2022/dsa-5038
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Версия от 9.50 (включая) до 9.53.3 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.0031

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2021-45944

CVSS3: 5.5

ubuntu

около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

CVE-2021-45944

CVSS3: 5.5

redhat

около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

CVE-2021-45944

CVSS3: 5.5

debian

около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...

GHSA-9mw4-q4wg-7hwh

github

около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

BDU:2022-00148

CVSS3: 5.5

fstec

около 5 лет назад

Уязвимость реализации функции sampled_data_sample() набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 54%

0.0031

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-416