CVE-2020-36773

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 4, 2024
Updated: Mar 4, 2024
CWE ID 787
CWE ID 416

Summary

CVE-2020-36773 is a vulnerability affecting Artifex Ghostscript before version 9.53.0. This issue involves an out-of-bounds write and use-after-free in the vector device subsystem (gdevtxtw.c, for txtwrite) of Ghostscript. The root cause lies in the way Ghostscript handles Unicode code points in PDF documents. Specifically, a single character code in a PDF document can represent more than one Unicode code point, particularly for ligatures. As a result, an attacker could exploit this vulnerability by crafting a malicious PDF document to trigger the out-of-bounds write and use-after-free, potentially leading to arbitrary code execution or a denial-of-service condition.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share