OSV-2024-251

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2024-251.yaml
Published
2024-04-12T00:02:31.478145Z
Modified
2024-04-29T11:38:05.915041Z
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67932

Crash type: Heap-use-after-free READ 8
Crash state:
gx_device_forward_finalize
gx_device_finalize
gs_gc_reclaim
References

Affected packages

OSS-Fuzz / ghostscript

Package

Name
ghostscript

Affected ranges

Type
GIT
Repo
git://git.ghostscript.com/ghostpdl.git
Events
Introduced
441c9e3a4ca08fa7f7c00063af33196b0d88ebaf
Fixed
5fb7114f814645ebf679a8228350e9770bf3f009

Affected versions

ghostpdl-10.*

ghostpdl-10.0.0
ghostpdl-10.0.0_release_tests_002
ghostpdl-10.0.0rc1
ghostpdl-10.0.0rc2
ghostpdl-10.01.0
ghostpdl-10.01.0rc1
ghostpdl-10.01.0rc2
ghostpdl-10.01.1
ghostpdl-10.01.1-gse-10174
ghostpdl-10.01.2
ghostpdl-10.02.0
ghostpdl-10.02.0-test-base-001
ghostpdl-10.02.0rc1
ghostpdl-10.02.0rc2
ghostpdl-10.02.1
ghostpdl-10.03.0_test001
ghostpdl-10.03.0_test002
ghostpdl-10.03.0rc1
ghostpdl-10.03.0rc1_test
ghostpdl-10.03.0rc1_test002
ghostpdl-10.03.0rc1_test003

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific 

{
    "fixed_range": "e4c276677b423732a3e4bb7fd6feffd91c482d1a:5fb7114f814645ebf679a8228350e9770bf3f009"
}