Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-45949

Опубликовано: 01 янв. 2022
Источник: redhat
CVSS3: 5.5

Описание

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

A heap-based buffer overflow flaw was found in Ghostscript’s GhostPDL in the sampled_data_finish function (called from sampled_data_continue and interp). This flaw allows a local attacker to pass a specially crafted malicious file to Ghostscript that triggers a heap-based buffer overflow, potentially causing a crash that leads to a denial of service.

Отчет

Red Hat Product Security has rated this issue as having Moderate security impact and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 6 and 7, hence, marked as Out-of-Support-Scope. For additional information, refer to the Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ghostscriptNot affected
Red Hat Enterprise Linux 7ghostscriptOut of support scope
Red Hat Enterprise Linux 8ghostscriptWill not fix
Red Hat Enterprise Linux 8gimp:flatpak/ghostscriptWill not fix
Red Hat Enterprise Linux 9ghostscriptNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2048939ghostscript: heap-based buffer overflow in sampled_data_finish

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-45949

CVSS3: 5.5
ubuntu
около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

nvd логотип

CVE-2021-45949

CVSS3: 5.5
nvd
около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

debian логотип

CVE-2021-45949

CVSS3: 5.5
debian
около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...

github логотип

GHSA-r647-qm87-j9pc

github
около 4 лет назад

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

fstec логотип

BDU:2022-00147

CVSS3: 5.5
fstec
больше 4 лет назад

Уязвимость реализации функции sampled_data_finish() набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю вызвать отказ в обслуживании

5.5 Medium

CVSS3