Vulnerability Details CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.4%
CVSS Severity
CVSS v3 Score 9.8
References
- https://bugs.ghostscript.com/show_bug.cgi?id=702229
- https://bugzilla.opensuse.org/show_bug.cgi?id=1177922
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874
- https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530
- https://bugs.ghostscript.com/show_bug.cgi?id=702229
- https://bugzilla.opensuse.org/show_bug.cgi?id=1177922
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874
- https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530
Products affected by CVE-2020-36773
-
cpe:2.3:a:artifex:ghostscript:9.51
-
cpe:2.3:a:artifex:ghostscript:9.52
-
cpe:2.3:a:artifex:ghostscript:9.52.1
-
cpe:2.3:a:artifex:ghostscript:9.53.0