CVE-2022-1350

EUVD-2022-24672
A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
VulDBCNA
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
artifexghostpcl
9.55.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ghostscript
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ghostscript
bionic
not-affected
focal
not-affected
impish
not-affected
jammy
not-affected
trusty
ignored
xenial
not-affected
Common Weakness Enumeration
References
https://bugs.ghostscript.com/attachment.cgi?id=22323
https://bugs.ghostscript.com/show_bug.cgi?id=705156
https://vuldb.com/?id.197290
https://bugs.ghostscript.com/attachment.cgi?id=22323
https://bugs.ghostscript.com/show_bug.cgi?id=705156
https://vuldb.com/?id.197290