CVE-2022-2085
- Source
- https://cve.org/CVERecord?id=CVE-2022-2085
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2085.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-2085
- Downstream
- Published
- 2022-06-16T18:15:10.190Z
- Modified
- 2026-03-13T05:25:26.507381Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an initdeviceprocs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, memxdevice is used and does not have an initdeviceprocs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.
- References
-
- http://git.ghostscript.com/?p=ghostpdl.git%3Bh=ae1061d948d88667bdf51d47d918c4684d0f67df
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERSZX5LKDWAHZWJYBMP2E2UHOPUCDEGV/
- https://security.gentoo.org/glsa/202211-11
- https://security.gentoo.org/glsa/202309-03
- https://bugs.ghostscript.com/show_bug.cgi?id=704945
- https://bugzilla.redhat.com/show_bug.cgi?id=2095261
Affected packages
Git /
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.55.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "36"
}
]
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2085.json"