Home

CVE-2022-2085

Description

A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.142

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2022-2085 are affected in Ghostscript 9.55.0Windows
PostScript and PDF interpreter (USN-5643-1) ghostscript_9.50~dfsg-5ubuntu4.6_i386.debLinux
PostScript and PDF interpreter (USN-5643-1) ghostscript_9.50~dfsg-5ubuntu4.6_amd64.debLinux
PostScript and PDF interpreter (USN-5643-1) ghostscript_9.55.0~dfsg1-0ubuntu5.1_i386.debLinux
PostScript and PDF interpreter (USN-5643-1) ghostscript_9.55.0~dfsg1-0ubuntu5.1_amd64.debLinux
PostScript and PDF interpreter (USN-5643-1) ghostscript_9.26~dfsg+0-0ubuntu0.18.04.17_i386.debLinux
PostScript and PDF interpreter (USN-5643-1) ghostscript_9.26~dfsg+0-0ubuntu0.18.04.17_amd64.debLinux
ghostscript Security Update (ALAS2023-2023-053) ghostscript-9.56.1-5.amzn2023.0.1.x86_64.rpmLinux
ghostscript Security Update (ALAS2023-2023-053) ghostscript-doc-9.56.1-5.amzn2023.0.1.noarch.rpmLinux
ghostscript Security Update (ALAS2023-2023-053) ghostscript-gtk-9.56.1-5.amzn2023.0.1.x86_64.rpmLinux
ghostscript Security Update (ALAS2023-2023-053) ghostscript-tools-dvipdf-9.56.1-5.amzn2023.0.1.x86_64.rpmLinux
ghostscript Security Update (ALAS2023-2023-053) ghostscript-tools-fonts-9.56.1-5.amzn2023.0.1.x86_64.rpmLinux
ghostscript Security Update (ALAS2023-2023-053) ghostscript-tools-printing-9.56.1-5.amzn2023.0.1.x86_64.rpmLinux
ghostscript Security Update (ALAS2023-2023-053) ghostscript-x11-9.56.1-5.amzn2023.0.1.x86_64.rpmLinux
ghostscript Security Update (ALAS2023-2023-053) libgs-9.56.1-5.amzn2023.0.1.x86_64.rpmLinux
ghostscript Security Update (ALAS2023-2023-053) libgs-devel-9.56.1-5.amzn2023.0.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234