CVE-2022-1350 — MEDIUM (4.3)

Vulnerability Description

A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Artifex	Ghostpcl	9.55.0

Related Weaknesses (CWE)

CWE-119 CWE-787

References

https://bugs.ghostscript.com/attachment.cgi?id=22323Permissions RequiredVendor Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=705156Permissions RequiredVendor Advisory
https://vuldb.com/?id.197290Third Party Advisory
https://bugs.ghostscript.com/attachment.cgi?id=22323Permissions RequiredVendor Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=705156Permissions RequiredVendor Advisory
https://vuldb.com/?id.197290Third Party Advisory

FAQ

What is CVE-2022-1350?

CVE-2022-1350 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads t...

How severe is CVE-2022-1350?

CVE-2022-1350 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1350?

Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostpcl.