exploitDog

CVE-2021-45944

Published: 01 Jan 2022
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

A heap-use-after-free flaw was found in Ghostscript’s GhostPDL in the sampled_data_sample function (called from sampled_data_continue and interp). This flaw allows a local attacker to pass a specially crafted malicious file to Ghostscript that triggers a heap-use-after-free issue, potentially causing a crash that leads to a denial of service.

Report

Red Hat Product Security has rated this issue as having Moderate security impact and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 6 and 7, hence, marked as Out-of-Support-Scope. For additional information, refer to the Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ghostscript | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ghostscript | Out of support scope | | |
| Red Hat Enterprise Linux 8 | ghostscript | Will not fix | | |
| Red Hat Enterprise Linux 8 | gimp:flatpak/ghostscript | Will not fix | | |
| Red Hat Enterprise Linux 9 | ghostscript | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2048916 ghostscript: use-after-free in sampled_data_sample may lead to DoS

EPSS

Percentile: 54%
0.0031
Low

CVSS3

5.5 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 4 years ago

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

CVSS3: 5.5
nvd
about 4 years ago

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

CVSS3: 5.5
debian
about 4 years ago

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...

github
about 4 years ago

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

CVSS3: 5.5
fstec
about 5 years ago

A vulnerability in the implementation of the sampled_data_sample() function of Ghostscript, a software suite for processing, converting and generating documents, that allows an attacker to cause a denial of service
