NULL Pointer Dereference in Ghostscript Software by Artifex Software, Inc.
CVE-2022-2085

5.5MEDIUM

Key Information:

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 16 June 2022

What is CVE-2022-2085?

A NULL pointer dereference vulnerability exists in the Ghostscript rendering engine, which can be triggered when processing image data with more than 64 bits per pixel. This vulnerability occurs due to a missing init_device_procs for the mem_x_device, leading to a crash of the application when a large number of bits are allocated in memory. Attackers can exploit this flaw to destabilize the application and potentially cause a denial of service.

Affected Version(s)

GhostScript Affects in Ghostscript v9.55.0

References

https://bugs.ghostscript.com/show_bug.cgi?id=704945

https://bugzilla.redhat.com/show_bug.cgi?id=2095261

http://git.ghostscript.com/?p=ghostpdl.git%3Bh=ae1061d948...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2022
Vulnerability Reserved
Jun 15, 2022