OSV-2023-970

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2023-970.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-970
Published
2023-10-06T13:02:56.047818Z
Modified
2023-10-10T15:17:30.632991Z
Summary
Heap-use-after-free in gx_device_forward_finalize
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63013

Crash type: Heap-use-after-free READ 8
Crash state:
gx_device_forward_finalize
gx_device_finalize
alloc_restore_step_in
References

Affected packages

OSS-Fuzz / ghostscript

Package

Name
ghostscript
Purl
pkg:generic/ghostscript

Affected ranges

Type
GIT
Repo
git://git.ghostscript.com/ghostpdl.git
Events
Introduced
205d4f51cba82bc7cfa6a64b3d82b77baebf91b4
Fixed
6a3097e2262b61a953651b6280247705945f4c82

Affected versions

ghostpdl-10.*

ghostpdl-10.01.0
ghostpdl-10.01.0rc1
ghostpdl-10.01.0rc2
ghostpdl-10.01.1
ghostpdl-10.01.1-gse-10174
ghostpdl-10.01.2
ghostpdl-10.02.0
ghostpdl-10.02.0-test-base-001
ghostpdl-10.02.0rc1
ghostpdl-10.02.0rc2

Ecosystem specific 

{
    "severity": "HIGH"
}