CVE-2021-45944

CWE-416Use After Free8 documents7 sources
Severity
5.5MEDIUM
EPSS
1.2%
top 20.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Artifex GhostscriptDebian Debian Linux
Timeline
PublishedJan 1
Latest updateJan 13

Description

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianghostscript< 9.53.3~dfsg-7+deb11u2+3
NVDartifex/ghostscript9.509.53.3

Also affects: Debian Linux 10.0, 11.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-9mw4-q4wg-7hwh: Ghostscript GhostPDL 92022-01-02
OSV
CVE-2021-45944: Ghostscript GhostPDL 92022-01-01
CVEList
CVE-2021-45944: Ghostscript GhostPDL 92021-12-31

📋Vendor Advisories

4
Ubuntu
Ghostscript vulnerabilities2022-01-13
Ubuntu
Ghostscript vulnerabilities2022-01-12
Red Hat
ghostscript: use-after-free in sampled_data_sample may lead to DoS2022-01-01
Debian
CVE-2021-45944: ghostscript - Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sa...2021
CVE-2021-45944 (MEDIUM CVSS 5.5) | Ghostscript GhostPDL 9.50 through 9 | cvebase.io