CyberSec.Space Logo
Back to CVE Browser

CVE-2020-36773

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0240%
EPSS Percentile28.98th
PublishedFeb 4, 2024
Last ModifiedMay 22, 2025

Vulnerability Description

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).

Affected Platforms (CPE)

πŸ“¦
Artifex

Ghostscript

= 9.51
πŸ“¦
Artifex

Ghostscript

= 9.52
πŸ“¦
Artifex

Ghostscript

= 9.52.1
πŸ“¦
Artifex

Ghostscript

= 9.53.0
πŸ“¦
Artifex

Ghostscript

= 9.53.0

References & Advisories

πŸ”— https://bugs.ghostscript.com/show_bug.cgi?id=702229
πŸ”— https://bugzilla.opensuse.org/show_bug.cgi?id=1177922
πŸ”— https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874
πŸ”— https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530
πŸ”— https://bugs.ghostscript.com/show_bug.cgi?id=702229
πŸ”— https://bugzilla.opensuse.org/show_bug.cgi?id=1177922
πŸ”— https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874
πŸ”— https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530

Related Vulnerabilities

CVE-2021-37819.9

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a speciall...

CVE-2020-159009.8

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow over...

CVE-2019-148139.8

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its p...

CVE-2020-276059.8

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks...