Lucene search

Veracode Vulnerability DatabaseVERACODE:45426

HistoryFeb 09, 2024 - 4:33 p.m.

Use After Free

2024-02-0916:33:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

artifex ghostscript

use after free

pdf

unicode

dos attack

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

Artifex Ghostscript is vulnerable to Use After Free. The vulnerability is due to a single-character code in a PDF document being able to map to more than one Unicode code point. This potentially leads to a Denial of Service(DoS) Attack.

CPENameOperatorVersion
ghostscript:bullseyeeq9.52.1~dfsg-1
ghostscript:bullseyeeq9.52.1~dfsg-1

CPE	Name	Operator	Version
	ghostscript:bullseye	eq	9.52.1~dfsg-1
	ghostscript:bullseye	eq	9.52.1~dfsg-1

References

bugs.ghostscript.com/show_bug.cgi?id=702229

bugzilla.opensuse.org/show_bug.cgi?id=1177922

git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874

github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530

security-tracker.debian.org/tracker/CVE-2020-36773

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

Related for VERACODE:45426