Fluid Attacks Database

Description

A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	ghostscript	=10.0.0~dfsg-1 \|\| =10.0.0~dfsg-10 \|\| =10.0.0~dfsg-11 \|\| =10.0.0~dfsg-2 \|\| =10.0.0~dfsg-3 \|\| =10.0.0~dfsg-4 \|\| =10.0.0~dfsg-5 \|\| =10.0.0~dfsg-6 \|\| =10.0.0~dfsg-7 \|\| =10.0.0~dfsg-8 \|\| =10.0.0~dfsg-9 \|\| =10.01.2~dfsg-1 \|\| =10.02.0~dfsg-1 \|\| =10.02.0~dfsg-2 \|\| =10.02.1~dfsg-1 \|\| =10.02.1~dfsg-2 \|\| =10.02.1~dfsg-3 \|\| =10.03.0~dfsg-1 \|\| =10.03.1~dfsg-1 \|\| =10.03.1~dfsg-2 \|\| =10.03.1~dfsg~git20240518-1 \|\| =10.04.0~dfsg-1 \|\| =10.04.0~dfsg-2 \|\| =10.05.0~dfsg-1 \|\| =10.05.1~dfsg-1 \|\| =10.05.1~dfsg-2 \|\| =10.05.1~dfsg-3 \|\| =10.06.0~dfsg-1 \|\| =10.06.0~dfsg-2 \|\| =10.06.0~dfsg-3 \|\| =10.07.0~dfsg-1 \|\| =10.07.0~dfsg-2 \|\| =9.53.3~dfsg-7 \|\| =9.53.3~dfsg-7+deb11u1 \|\| =9.53.3~dfsg-7+deb11u10 \|\| =9.53.3~dfsg-7+deb11u11 \|\| =9.53.3~dfsg-7+deb11u2 \|\| =9.53.3~dfsg-7+deb11u3 \|\| =9.53.3~dfsg-7+deb11u4 \|\| =9.53.3~dfsg-7+deb11u5 \|\| =9.53.3~dfsg-7+deb11u6 \|\| =9.53.3~dfsg-7+deb11u7 \|\| =9.53.3~dfsg-7+deb11u8 \|\| =9.53.3~dfsg-7+deb11u9 \|\| =9.53.3~dfsg-8 \|\| =9.54.0~dfsg-1 \|\| =9.54.0~dfsg-2 \|\| =9.54.0~dfsg-3 \|\| =9.54.0~dfsg-4 \|\| =9.54.0~dfsg-5 \|\| =9.55.0~dfsg-1 \|\| =9.55.0~dfsg-2 \|\| =9.55.0~dfsg-3 \|\| =9.55.0~~rc1~dfsg-1 \|\| =9.56.0~dfsg-1 \|\| =9.56.0~~rc1~dfsg-1 \|\| =9.56.0~~rc2~dfsg-1 \|\| =9.56.1~dfsg-1	-
debian 12	ghostscript	>=0 <10.0.0~dfsg-3	10.0.0~dfsg-3
debian 13	ghostscript	>=0 <10.0.0~dfsg-3	10.0.0~dfsg-3
debian 14	ghostscript	>=0 <10.0.0~dfsg-3	10.0.0~dfsg-3

Aliases

1. CVE-2022-13502. NVD-2022-13503. OSV-DEBIAN-2022-13504. OSV-2022-13505. SECURITY-TRACKER-CVE-2022-1350

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.