CVE-2021-45949

Severity

5.5MEDIUM

EPSS

0.1%

top 79.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 1

Latest updateJan 13

Description

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

▶Debianghostscript< 9.53.3~dfsg-7+deb11u2+3

▶NVDartifex/ghostscript9.50 — 9.54.0

Also affects: Debian Linux 10.0, 11.0, 9.0

GHSA

GHSA-r647-qm87-j9pc: Ghostscript GhostPDL 9↗2022-01-02

▶

OSV

CVE-2021-45949: Ghostscript GhostPDL 9↗2022-01-01

▶

CVEList

CVE-2021-45949: Ghostscript GhostPDL 9↗2021-12-31

▶

Ubuntu

Ghostscript vulnerabilities↗2022-01-13

▶

Ubuntu

Ghostscript vulnerabilities↗2022-01-12

▶

Red Hat

ghostscript: heap-based buffer overflow in sampled_data_finish↗2022-01-01

▶

Debian

CVE-2021-45949: ghostscript - Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sam...↗2021

▶