CVE-2021-45949
PUBLISHED
Multiple vulnerabilities exist in Ghostscript. They are caused by a use-after-free error and a heap-based buffer overflow in the "sampled_data_sample()" and "sampled_data_finish()" functions. A remote anonymous attacker can exploit these vulnerabilities to execute arbitrary code. Successful exploitation requires user interaction.
EPSS 0.07% · 21.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Linux | |
| Open Source | Open Source Ghostscript | |
| Ubuntu | Ubuntu Linux | |
| Debian | Debian Linux | |
Exploit Intelligence
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 (nist-nvd)
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml (circl)
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=2a3129365d3bc0d4a41f107ef175920d1505d1f7 (circl)
- DSA-5038 (circl)
- [debian-lts-announce] 20220114 [SECURITY] [DLA 2879-1] ghostscript security update (circl)
Timeline
- Dec 31, 2021 CVE Published
- Jan 1, 2022 EPSS Score
- Feb 24, 2022 EPSS Score
- Apr 19, 2022 EPSS Score
- Jun 11, 2022 EPSS Score
- Aug 5, 2022 EPSS Score
- Sep 28, 2022 EPSS Score
- Nov 21, 2022 EPSS Score
- Jan 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 8, 2023 EPSS Score
- May 1, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0232.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0232 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013607.html advisory
- https://www.debian.org/security/2022/dsa-5038 advisory
- https://ubuntu.com/security/notices/USN-5224-1 advisory
- https://ubuntu.com/security/notices/USN-5224-2 advisory
- https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010006.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010007.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-February/010219.html advisory