Unrated severity · NVD Advisory · Published Dec 31, 2021 · Updated Aug 4, 2024
CVE-2021-45949
Description
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
Affected products (17)
- Ghostscript/GhostPDL (description)
- osv-coords (16 versions, no CPE for any entry):
  - pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Leap%2015.3, range: < 9.52-161.1
  - pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Tumbleweed, range: < 9.54.0-3.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Enterprise%20Storage%206, range: < 9.52-161.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Enterprise%20Storage%207, range: < 9.52-161.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS, range: < 9.52-161.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS, range: < 9.52-161.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3, range: < 9.52-161.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2, range: < 9.52-161.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5, range: < 9.52-23.48.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS, range: < 9.52-161.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS, range: < 9.52-161.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5, range: < 9.52-23.48.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1, range: < 9.52-161.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2, range: < 9.52-161.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5, range: < 9.52-23.48.1
  - pkg:rpm/suse/htmldoc&distro=SUSE%20Package%20Hub%2012%20SP1, range: < 1.8.28-9.1
Patches
No patches discovered yet.
References (5)
- www.debian.org/security/2022/dsa-5038 (mitre, vendor-advisory, x_refsource_DEBIAN)
- bugs.chromium.org/p/oss-fuzz/issues/detail (mitre, x_refsource_MISC)
- git.ghostscript.com (mitre, x_refsource_MISC)
- github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2022/01/msg00006.html (mitre, mailing-list, x_refsource_MLIST)