CVE-2020-36773

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-36773
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36773.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-36773
Published
2024-02-04T18:16:00.713Z
Modified
2025-11-14T11:07:37.135342Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).

Affected packages

Git / github.com/artifexsoftware/ghostpdl-downloads

Affected ranges

Type
GIT
Repo
https://github.com/artifexsoftware/ghostpdl-downloads
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

9.*

9.21rc1
9.27
9.27rc1

ghostpdl-9.*

ghostpdl-9.51
ghostpdl-9.51rc2
ghostpdl-9.53.0rc1
ghostpdl-9.53.0rc2

gs9.*

gs9.26rc1
gs9.27

Other

gs918
gs919
gs920
gs920rc1
gs921
gs922
gs922rc1
gs922rc2
gs923
gs923rc1
gs924
gs924rc2
gs925
gs925rc1
gs926
gs927
gs928rc1
gs928rc2
gs928rc3
gs928rc4
gs950
gs951
gs951rc3
gs952

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36773.json"