OSV-2022-206

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2022-206.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2022-206
Published
2022-02-27T00:02:01.721420Z
Modified
2022-03-11T00:19:44.150538Z
Summary
Heap-buffer-overflow in spgetcc
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45049

Crash type: Heap-buffer-overflow READ {*} Crash state: spgetcc gsscantoken gs_interpret

References

Affected packages

OSS-Fuzz / ghostscript

Package

Name
ghostscript
Purl
pkg:generic/ghostscript

Affected ranges

Type
GIT
Repo
git://git.ghostscript.com/ghostpdl.git
Events
Introduced
4297fa6c36ccd90859f2cc13f563d87326b0705a
Fixed
a424f166ee9c1196a6cd7e2ee2289f81545d022d
Fixed
f01a4f949d047e597f70daed8d5e01cab9772bcb

Affected versions

ghostpdl-9.*

ghostpdl-9.55.0
ghostpdl-9.55.0rc1
ghostpdl-9.56.0-test-base-0
ghostpdl-9.56.0-test-base-2
ghostpdl-9.56.0-test-base-3
ghostpdl-9.56.0-test-base-4
ghostpdl-9.56.0-test-base-5
ghostpdl-9.56.0rc1
ghostpdl-9.56.0rc1_release_tests_001
ghostpdl-9.56.0rc1_release_tests_002

Other

ken_20220210_baseline
robin-test-base-0

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "introduced_range": "b0bbf56c2746bfe21293451594fa56d8cc881e78:a9bd3dec9fde03327a4a2c69dad1036bf9632e20"
}