ID CVE-2021-45949
Summary Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.51:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.51:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.51:rc2:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.51:rc2:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.52:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.52:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.53.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.53.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.53.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.53.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.53.1:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.53.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 21-01-2022 - 14:41)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
Last major update 21-01-2022 - 14:41
Published 01-01-2022 - 00:15
Last modified 21-01-2022 - 14:41
Back to Top