CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
42.8%
A NULL pointer dereference vulnerability was found in Ghostscript, which
occurs when it tries to render a large number of bits in memory. When
allocating a buffer device, it relies on an init_device_procs defined for
the device that uses it as a prototype that depends upon the number of bits
per pixel. For bpp > 64, mem_x_device is used and does not have an
init_device_procs defined. This flaw allows an attacker to parse a large
number of bits (more than 64 bits per pixel), which triggers a NULL pointer
dereference flaw, causing an application to crash.
Author | Note |
---|---|
mdeslaur | code in focal and earlier doesn’t look vulnerable to this issue |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | ghostscript | < 9.55.0~dfsg1-0ubuntu5.1 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
42.8%