CVE-2021-45944

Published: January 1, 2022Last modified: November 8, 2023

Description

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

Severity score breakdown

Status

References

• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30715
• https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7861fcad13c497728189feafb41cd57b5b50ea25
• https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
• https://github.com/google/oss-fuzz-vulns/issues/16
• https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html
• https://www.debian.org/security/2022/dsa-5038