CVE-2022-2085

Description

A NULL pointer dereference vulnerability was found in Ghostscript. It occurs when Ghostscript tries to render a large number of bits in memory. When allocating a buffer device, Ghostscript relies on the init_device_procs defined for the device it uses as a prototype, and the prototype depends on the number of bits per pixel (bpp). For bpp > 64, mem_x_device is used, which does not have an init_device_procs defined. An attacker can exploit this flaw by getting Ghostscript to parse input with a large number of bits (more than 64 bits per pixel), which triggers the NULL pointer dereference and causes the application to crash.

References

Exploit, Issue Tracking, Mailing List, Patch, Vendor Advisory
Mailing List, Patch, Vendor Advisory
Issue Tracking, Patch, Third Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

NONE

AvailabilityImpact

PARTIAL

IntegrityImpact

NONE

BaseScore

4.3

VectorString

AV:N/AC:M/Au:N/C:N/I:N/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE