ID |
CVE-2022-2085
|
Summary |
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:artifex:ghostscript:9.55.0:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.55.0:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
|
CVSS |
Base: | 4.3 (as of 17-09-2023 - 07:15) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-476 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
Last major update |
17-09-2023 - 07:15 |
Published |
16-06-2022 - 18:15 |
Last modified |
17-09-2023 - 07:15 |