CVE-2021-45944 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Vendor	Product	Version
artifex	ghostscript	9.50 ≤ 𝑥 ≤ 9.53.3
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ghostscript

bullseye	9.53.3~dfsg-7+deb11u7 fixed
bullseye (security)	9.53.3~dfsg-7+deb11u8 fixed
bookworm	10.0.0~dfsg-11+deb12u4 fixed
bookworm (security)	10.0.0~dfsg-11+deb12u5 fixed
sid	10.04.0~dfsg-1 fixed
trixie	10.04.0~dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

ghostscript

jammy	not-affected
impish	not-affected
hirsute	Fixed 9.53.3~dfsg-7ubuntu0.2 released
focal	Fixed 9.50~dfsg-5ubuntu4.5 released
bionic	Fixed 9.26~dfsg+0-0ubuntu0.18.04.15 released
xenial	Fixed 9.26~dfsg+0-0ubuntu0.16.04.14+esm1 released
trusty	ignored

Known Exploits!

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30715

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7861fcad13c497728189feafb41cd57b5b50ea25

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml

https://github.com/google/oss-fuzz-vulns/issues/16

https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html

https://www.debian.org/security/2022/dsa-5038

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30715

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7861fcad13c497728189feafb41cd57b5b50ea25

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml

https://github.com/google/oss-fuzz-vulns/issues/16

https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html

https://www.debian.org/security/2022/dsa-5038