First published: Sun Feb 04 2024
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Artifex Software Ghostscript | =9.51 | |
Artifex Software Ghostscript | =9.52 | |
Artifex Software Ghostscript | =9.52.1 | |
Artifex Software Ghostscript | =9.53.0-rc1 | |
Artifex Software Ghostscript | =9.53.0-rc2 | |
CVE-2020-36773 is considered a medium severity vulnerability due to the potential for out-of-bounds write and use-after-free conditions.
To mitigate CVE-2020-36773, upgrade to Ghostscript version 9.53.0 or later.
Affected versions for CVE-2020-36773 include Ghostscript versions 9.51, 9.52, and 9.52.1.
CVE-2020-36773 is classified as an out-of-bounds write and use-after-free vulnerability.
CVE-2020-36773 impacts Artifex Ghostscript software versions prior to 9.53.0.
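To apply the upgrade guidance above, the following added example (not code from this advisory or from Artifex) classifies a Ghostscript version string against the "before 9.53.0" bound in the description, treating release candidates such as 9.53.0-rc1 as older than 9.53.0. The function names are hypothetical, and the check assumes upstream version numbers: a distribution package that backports the fix under an older number will still be reported as affected.

```shell
#!/bin/sh
# Added example: classify a Ghostscript version string against the
# "before 9.53.0" bound stated for CVE-2020-36773.
# Function names are hypothetical, chosen for this example.

# Strip leading zeros so "02" or "08" is never read as octal by test/arith.
_num() { n=${1#"${1%%[!0]*}"}; echo "${n:-0}"; }

# Returns 0 = affected, 1 = not affected, 2 = unparseable input.
gs_is_affected() {
    ver=$1
    pre=0
    # A suffix such as -rc1 marks a pre-release, which sorts BEFORE the
    # release it precedes: 9.53.0-rc2 is still older than 9.53.0.
    case $ver in *-*) pre=1; ver=${ver%%-*} ;; esac
    # Accept only dotted digits: no empty fields, no stray characters.
    case $ver in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac

    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    [ $# -ge 2 ] && [ $# -le 3 ] || return 2

    major=$(_num "$1")
    minor=$(_num "$2")
    patch=$(_num "${3:-0}")

    # Compare against 9.53.0 field by field.
    [ "$major" -lt 9 ] && return 0
    [ "$major" -gt 9 ] && return 1
    [ "$minor" -lt 53 ] && return 0
    [ "$minor" -gt 53 ] && return 1
    [ "$patch" -gt 0 ] && return 1
    # Exactly 9.53.0: only the release candidates are affected.
    [ "$pre" -eq 1 ] && return 0
    return 1
}
```

On a host with Ghostscript installed, pass it the output of `gs --version`, for example `gs_is_affected "$(gs --version)"`, and branch on the exit status.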