Vulnerabilities > CVE-2020-36773 - Use After Free vulnerability in Artifex Ghostscript

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

artifex

CWE-416

critical

NVD

Published: 2024-02-04

Updated: 2024-03-04

Summary

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).

Vulnerable Configurations

Part	Description	Count
Application	Artifex Artifex Ghostscript 9.52 Artifex Ghostscript 9.53.0 Artifex Ghostscript 9.52.1 Artifex Ghostscript 9.51	5

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://bugs.ghostscript.com/show_bug.cgi?id=702229
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874
https://bugzilla.opensuse.org/show_bug.cgi?id=1177922
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530