CVE-2021-45944
PUBLISHED
Multiple vulnerabilities exist in Ghostscript. They are caused by a use-after-free error and a heap-based buffer overflow within the "sampled_data_sample()" and "sampled_data_finish()" functions. A remote, anonymous attacker can exploit these vulnerabilities to execute arbitrary code. Successful exploitation requires user interaction.
Risk Scores
EPSS Score
1.23%
79.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | |
| Open Source | Open Source Ghostscript | |
| Ubuntu | Ubuntu Linux | |
| SUSE | SUSE Linux | |
Exploit Intelligence
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903 (nist-nvd)
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml (circl)
- DSA-5038 (circl)
- [debian-lts-announce] 20220114 [SECURITY] [DLA 2879-1] ghostscript security update (circl)
- https://github.com/google/oss-fuzz-vulns/issues/16 (circl)
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7861fcad13c497728189feafb41cd57b5b50ea25 (circl)
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30715 (circl)
Timeline
- Dec 31, 2021 CVE Published
- Jan 1, 2022 EPSS Score
- Jan 18, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 19, 2022 EPSS Score
- Jun 11, 2022 EPSS Score
- Aug 5, 2022 EPSS Score
- Sep 28, 2022 EPSS Score
- Nov 21, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 8, 2023 EPSS Score
- May 1, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0232.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0232 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013607.html advisory
- https://www.debian.org/security/2022/dsa-5038 advisory
- https://ubuntu.com/security/notices/USN-5224-1 advisory
- https://ubuntu.com/security/notices/USN-5224-2 advisory
- https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010006.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010007.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-February/010219.html advisory