CVE-2021-45949

Опубликовано: 01 янв. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
Exploit
Issue Tracking
Third Party Advisory
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=2a3129365d3bc0d4a41f107ef175920d1505d1f7
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html
Mailing List
Third Party Advisory
https://www.debian.org/security/2022/dsa-5038
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
Exploit
Issue Tracking
Third Party Advisory
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=2a3129365d3bc0d4a41f107ef175920d1505d1f7
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html
Mailing List
Third Party Advisory
https://www.debian.org/security/2022/dsa-5038
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Версия от 9.50 (включая) до 9.54.0 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00065

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2021-45949

CVSS3: 5.5

ubuntu

около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

CVE-2021-45949

CVSS3: 5.5

redhat

около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

CVE-2021-45949

CVSS3: 5.5

debian

около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...

GHSA-r647-qm87-j9pc

github

около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

BDU:2022-00147

CVSS3: 5.5

fstec

больше 4 лет назад

Уязвимость реализации функции sampled_data_finish() набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 20%

0.00065

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-787