OSV-2021-237

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-237

Published

2021-01-26T00:00:02.244670Z

Modified

2023-02-24T01:41:11.985482Z

Summary

Heap-use-after-free in sampled_data_sample

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903

Crash type: Heap-use-after-free WRITE 4
Crash state:
sampled_data_sample
sampled_data_continue
interp

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903

Affected packages

OSS-Fuzz / ghostscript

Package

Name: ghostscript
Purl: pkg:generic/ghostscript

Affected ranges

Type: GIT
Repo: git://git.ghostscript.com/ghostpdl.git
Events: Introduced

45e765e59a45b46dcb05e8c729689a7c0574a48c

Fixed

7861fcad13c497728189feafb41cd57b5b50ea25

Fixed

0bd6877f480a84657696a80adc13f9c5485dd996

Affected versions

ghostpdl-9.*

ghostpdl-9.28rc1

ghostpdl-9.28rc2

ghostpdl-9.28rc3

ghostpdl-9.28rc4

ghostpdl-9.50

ghostpdl-9.51

ghostpdl-9.51rc1

ghostpdl-9.51rc2

ghostpdl-9.51rc2_test

ghostpdl-9.51rc2_test2

ghostpdl-9.51rc3

ghostpdl-9.52

ghostpdl-9.52-test-base-1

ghostpdl-9.52-test-base-3

ghostpdl-9.52-test-base-4

ghostpdl-9.52.1

ghostpdl-9.53.0

ghostpdl-9.53.0-test-base-0

ghostpdl-9.53.0rc1

ghostpdl-9.53.0rc2

ghostpdl-9.53.1

ghostpdl-9.53.2

ghostpdl-9.53.3

ghostpdl-9.54.0-test-base-0

ghostscript-9.*

ghostscript-9.50

ghostscript-9.51

ghostscript-9.52

gs9.*

gs9.28-temp-for-testing-tag

rjj_9.*

rjj_9.53.2_test

Ecosystem specific

{
    "severity": "HIGH",
    "introduced_range": "f209fb3a0f50cd0a9974d8627a4ac7f358f60c8a:470897e484fb0bfaa8553e0ccd5b9db91eda008b"
}

Database specific

fixed_range

"8cac642a1caf0ff821b2f1f83ee322a1cffc9a3e:0bd6877f480a84657696a80adc13f9c5485dd996"