Published: 04/02/2024 Updated: 04/03/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

Artifex Ghostscript prior to 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).

Vulnerable Product	Search on Vulmon	Subscribe to Product
artifex ghostscript 9.52
artifex ghostscript 9.53.0
artifex ghostscript 9.52.1
artifex ghostscript 9.51

Artifex Ghostscript before 9530 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtwc (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (eg, for a ligature) (CVE-2020-36773) ...

DescriptionAn out-of-bounds write, and a use-after-free flaw was found in Ghostscript The flaw is present in devices/vector/gdevtxtwc, for txtwrite, due to a single character code in a PDF document that can map to more than one Unicode code point (for example, a ligature)An out-of-bounds write, and a use-after-free flaw was found in Ghost ...

CWE-787 CWE-416 https://bugs.ghostscript.com/show_bug.cgi?id=702229 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874 https://bugzilla.opensuse.org/show_bug.cgi?id=1177922 https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2024-2469.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-36773

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect