Lucene search

[email protected]NVD:CVE-2020-36773

HistoryFeb 04, 2024 - 6:16 p.m.

CVE-2020-36773

2024-02-0418:16:00

CWE-416

CWE-787

[email protected]

web.nvd.nist.gov

artifex ghostscript

out-of-bounds write

gdevtxtw.c

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).

Affected configurations

NVD

Node

artifexghostscriptMatch9.51

artifexghostscriptMatch9.52

artifexghostscriptMatch9.52.1

artifexghostscriptMatch9.53.0rc1

artifexghostscriptMatch9.53.0rc2

References

bugs.ghostscript.com/show_bug.cgi?id=702229

bugzilla.opensuse.org/show_bug.cgi?id=1177922

git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874

github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

Related for NVD:CVE-2020-36773

nessus7 amazon1 cve1 openvas5 redhatcve1 veracode1 osv1 debiancve1 cvelist1 prion1 ubuntucve1 vulnrichment1