CRITICAL🇵🇱 Wersja polska

CVE-2020-36773

CVSS 9.8v3.1pub. 2024-02-04upd. 2025-05-22

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).

🤖 AI Analysis
How it works

The vulnerability occurs in the file devices/vector/gdevtxtw.c, responsible for the txtwrite function. The problem appears when a single character code in a PDF document is mapped to more than one Unicode code point — a typical situation, for example, with ligatures. Improper memory management in this case leads to both out-of-bounds write (CWE-787) and use-after-free (CWE-416). An attacker can provide such a document for processing by vulnerable software, for example, as a file for conversion or printing.

Impact

An attacker can trigger arbitrary code execution (RCE) in the context of the document processing application or cause application crash. In the worst case scenario, it is possible to take control of the system without authentication.

Mitigation & patch

Artifex Ghostscript should be updated to version 9.53.0 or later. A patch is available in the official project repository and as part of the gs9530 release on the vendor's website.

Who is affected

Artifex Ghostscript in all versions before 9.53.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Artifex Ghostscript

    APP
    Artifex
    9.519.529.52.19.53.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-27837CRITICAL9.8PL ✓ten sam produkt

Path Traversal w Artifex Ghostscript przez nieprawidłowe znaki UTF-8

CVE-2025-27836CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w urządzeniu BJ10V w Artifex Ghostscript

CVE-2025-27831CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Artifex Ghostscript — urządzenie DOCXWRITE/TXTWRITE

CVE-2025-27832CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w urządzeniu NPDL Artifex Ghostscript (kompresja)

CVE-2023-28879CRITICAL9.8ten sam produkt

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data int...