OSV-2021-717

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-717.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-717

Published

2021-05-02T00:00:44.749274Z

Modified

2022-04-13T04:13:00.289724Z

Summary

Heap-use-after-free in real_param

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33862

Crash type: Heap-use-after-free READ 1
Crash state:
real_param
zpdfinkpath
interp

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33862

Affected packages

OSS-Fuzz / ghostscript

Package

Name: ghostscript
Purl: pkg:generic/ghostscript

Affected ranges

Type: GIT
Repo: git://git.ghostscript.com/ghostpdl.git
Events: Introduced

e63504054baea4275af88e95418b5282c4394685

Fixed

fe8965b8a179c083060b66a7db13cad171ff470b

Introduced

bbdfaa56b00f2ba556476f0265e65e4ad370f641

Fixed

ad4d12f6d848ebfde2485fd6c806901b7497a1c2

Affected versions

ghostpdl-9.*

ghostpdl-9.28rc2

ghostpdl-9.28rc3

ghostpdl-9.28rc4

ghostpdl-9.50

ghostpdl-9.51

ghostpdl-9.51rc1

ghostpdl-9.51rc2

ghostpdl-9.51rc2_test

ghostpdl-9.51rc2_test2

ghostpdl-9.51rc3

ghostpdl-9.52

ghostpdl-9.52-test-base-1

ghostpdl-9.52-test-base-3

ghostpdl-9.52-test-base-4

ghostpdl-9.52.1

ghostpdl-9.53.0

ghostpdl-9.53.0-test-base-0

ghostpdl-9.53.0rc1

ghostpdl-9.53.0rc2

ghostpdl-9.53.1

ghostpdl-9.53.2

ghostpdl-9.53.3

ghostpdl-9.54.0

ghostpdl-9.54.0-test-base-0

ghostpdl-9.54.0rc1_test

ghostscript-9.*

ghostscript-9.50

ghostscript-9.51

ghostscript-9.52

Other

gpdf_alpha1

rjj_9.*

rjj_9.53.2_test

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

{
    "fixed_range": "2aaa240515d77b486adfd9d217c32d3cad7683f5:ad4d12f6d848ebfde2485fd6c806901b7497a1c2"
}