CVE-2020-36773
Description
An out-of-bounds write and use-after-free in Ghostscript's txtwrite device allows memory corruption when processing PDF ligatures, fixed in 9.53.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Artifex Ghostscript before version 9.53.0 contains an out-of-bounds write and use-after-free vulnerability in the devices/vector/gdevtxtw.c file, specifically in the txtwrite device. The issue arises because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature), leading to memory corruption when the txtwrite device processes such mappings [1][2].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious PDF document that includes a character code mapping to multiple Unicode code points. When a victim opens the PDF with Ghostscript's txtwrite device (e.g., during text extraction), the vulnerable code path is triggered. No authentication or special privileges are required; the attacker only needs to deliver the PDF to the target [1].
Impact
Successful exploitation results in memory corruption, which could allow an attacker to execute arbitrary code or cause a denial of service. The impact is limited to the context of the Ghostscript process, potentially leading to full compromise of the affected system [1].
Mitigation
The vulnerability is fixed in Ghostscript version 9.53.0, released on 2020-10-20 [2]. Users should upgrade to this version or later. No workarounds are documented; upgrading is the recommended mitigation [1][2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: < 9.53.0
- osv-coords, 5 versions:
  - pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
- (no CPE), range: < 9.52-150000.185.1
- (no CPE), range: < 9.52-150000.185.1
- (no CPE), range: < 9.52-23.71.1
- (no CPE), range: < 9.52-23.71.1
- (no CPE), range: < 9.52-23.71.1
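The ranges above mix an upstream threshold (< 9.53.0) with SUSE package thresholds that sit on 9.52, so a plain "is it older than 9.53.0" check flags patched distro packages. The following triage helper is an added example, not code from this page or from the Ghostscript project. It assumes a simplified rpm-style version comparison without `~` or `^` handling, uses a constructed inventory, and leaves the choice of threshold for a given SUSE product to the vendor advisory.

```python
import re

# Thresholds copied from the "Affected products" ranges on this page.
UPSTREAM_FIXED = "9.53.0"
SUSE_FIXED = ("9.52-150000.185.1", "9.52-23.71.1")


def _cmp_part(a, b):
    """Simplified rpmvercmp (assumption: no '~' or '^'); returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments sort newer


def cmp_evr(a, b):
    """Compare 'version[-release]'; release is ignored unless both sides have one."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    c = _cmp_part(va, vb)
    if c == 0 and ra and rb:
        c = _cmp_part(ra, rb)
    return c


def is_affected(installed, fixed=UPSTREAM_FIXED):
    """True when the installed version sorts below the first fixed version."""
    return cmp_evr(installed, fixed) < 0


if __name__ == "__main__":
    # Constructed inventory: (installed version, threshold applied to it).
    inventory = [
        ("9.27", UPSTREAM_FIXED),
        ("9.53.3", UPSTREAM_FIXED),
        ("9.52-150000.182.1", SUSE_FIXED[0]),
        ("9.52-150000.185.1", SUSE_FIXED[0]),
        ("9.52-23.71.1", UPSTREAM_FIXED),  # wrong threshold: reports a false positive
    ]
    for ver, fixed in inventory:
        print(f"{ver:22} vs {fixed:20} affected={is_affected(ver, fixed)}")
```

The last inventory row shows the failure mode: a package at one of the listed SUSE thresholds is still reported as affected when it is measured against the upstream 9.53.0 threshold.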
Patches
1088333d4adf1 For 9.53.0 release
1 file changed · +2 −2
README.md+2 −2 modified@@ -1,7 +1,7 @@ -# ghostpdl 9.52 +# ghostpdl 9.53.0 See: -https://ghostscript.com/doc/9.52/Readme.htm +https://ghostscript.com/doc/9.53.0/Readme.htm Any bugs should be reported to: https://bugs.ghostscript.com/
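Review bot: README.md is the only file in this diff, so this commit is a release marker and not the code fix. The two changed lines move `# ghostpdl 9.52` to `9.53.0` and update the Readme URL, and nothing here touches devices/vector/gdevtxtw.c, the file the description names. Anyone backporting or reviewing the txtwrite change should locate the commit that modifies that file rather than cherry-pick this one.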
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
News mentions (0)
No linked articles in our index yet.