CVE-2020-36773
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2020-36773 is a vulnerability affecting Artifex Ghostscript before version 9.53.0. This issue involves an out-of-bounds write and use-after-free in the vector device subsystem (gdevtxtw.c, for txtwrite) of Ghostscript. The root cause lies in the way Ghostscript handles Unicode code points in PDF documents. Specifically, a single character code in a PDF document can represent more than one Unicode code point, particularly for ligatures. As a result, an attacker could exploit this vulnerability by crafting a malicious PDF document to trigger the out-of-bounds write and use-after-free, potentially leading to arbitrary code execution or a denial-of-service condition.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- GhostScript
Affected Vendors
- Artifex