CVE-2022-1350 - OpenCVE

A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Artifex	Ghostpcl

Configuration 1 [-]

cpe:2.3:a:artifex:ghostpcl:9.55.0:*:*:*:*:*:*:*

References

Link	Resource
https://bugs.ghostscript.com/attachment.cgi?id=22323	Permissions Required Vendor Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=705156	Permissions Required Vendor Advisory
https://vuldb.com/?id.197290	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2022-04-14T06:15:17

Updated: 2022-04-15T14:40:09

Reserved: 2022-04-14T00:00:00

Link: CVE-2022-1350

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-14T07:15:06.750

Modified: 2022-04-23T02:20:19.867

Link: CVE-2022-1350

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "GhostPCL", "vendor": "unspecified", "versions": [{"status": "affected", "version": "9.55.0"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Memory Corruption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-15T14:40:09", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=705156"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.ghostscript.com/attachment.cgi?id=22323"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.197290"}], "title": "GhostPCL gsmchunk.c chunk_free_object memory corruption", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-1350", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "GhostPCL gsmchunk.c chunk_free_object memory corruption"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GhostPCL", "version": {"version_data": [{"version_value": "9.55.0"}]}}]}, "vendor_name": ""}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "4.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119 Memory Corruption"}]}]}, "references": {"reference_data": [{"name": "https://bugs.ghostscript.com/show_bug.cgi?id=705156", "refsource": "MISC", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=705156"}, {"name": "https://bugs.ghostscript.com/attachment.cgi?id=22323", "refsource": "MISC", "url": "https://bugs.ghostscript.com/attachment.cgi?id=22323"}, {"name": "https://vuldb.com/?id.197290", "refsource": "MISC", "url": "https://vuldb.com/?id.197290"}]}}}}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-1350", "datePublished": "2022-04-14T06:15:17", "dateReserved": "2022-04-14T00:00:00", "dateUpdated": "2022-04-15T14:40:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostpcl:9.55.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D4E17F4-7C9A-4F82-B75C-2B56642FD498", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Ghostscript versi\u00f3n 9.55.0. Esta vulnerabilidad afecta a la funci\u00f3n chunk_free_object del archivo gsmchunk.c. La manipulaci\u00f3n con un archivo malicioso conlleva a una corrupci\u00f3n de memoria. El ataque puede iniciarse de forma remota pero requiere la interacci\u00f3n del usuario. La explotaci\u00f3n ha sido divulgada al p\u00fablico como POC y puede ser usado. Es recomendado aplicar los parches para corregir este problema"}], "id": "CVE-2022-1350", "lastModified": "2022-04-23T02:20:19.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-04-14T07:15:06.750", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://bugs.ghostscript.com/attachment.cgi?id=22323"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=705156"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.197290"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "cna@vuldb.com", "type": "Secondary"}]}