{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-36773", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-05-22T17:29:16.336Z", "dateReserved": "2024-02-04T00:00:00.000Z", "datePublished": "2024-02-04T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-04T17:23:56.159Z"}, "descriptions": [{"lang": "en", "value": "Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=702229"}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874"}, {"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1177922"}, {"url": "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-02-05T15:56:53.734454Z", "id": "CVE-2020-36773", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-22T17:29:16.336Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.276Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=702229", "tags": ["x_transferred"]}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874", "tags": ["x_transferred"]}, {"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1177922", "tags": ["x_transferred"]}, {"url": "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=702229", "tags": ["x_transferred"]}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874", "tags": ["x_transferred"]}, {"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1177922", "tags": ["x_transferred"]}, {"url": "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.276Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-36773", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-05T15:56:53.734454Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:44.239Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=702229"}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874"}, {"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1177922"}, {"url": "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530"}], "descriptions": [{"lang": "en", "value": "Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-04T17:23:56.159Z"}}}, "cveMetadata": {"cveId": "CVE-2020-36773", "state": "PUBLISHED", "dateUpdated": "2025-05-22T17:29:16.336Z", "dateReserved": "2024-02-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-04T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostscript:9.51:*:*:*:*:*:*:*", "matchCriteriaId": "C18E63CE-B2D5-44A2-89E0-B2C6A3554D79", "vulnerable": true}, {"criteria": "cpe:2.3:a:artifex:ghostscript:9.52:*:*:*:*:*:*:*", "matchCriteriaId": "BF20A2FF-98ED-45EF-9263-D915D7A1953D", "vulnerable": true}, {"criteria": "cpe:2.3:a:artifex:ghostscript:9.52.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCA9F31F-F4B8-43E6-A747-BDC189BADD05", "vulnerable": true}, {"criteria": "cpe:2.3:a:artifex:ghostscript:9.53.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E6FE7E73-AE7B-42D4-8E83-17249CC9F46A", "vulnerable": true}, {"criteria": "cpe:2.3:a:artifex:ghostscript:9.53.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC033F01-8AF9-4B10-9789-35255739A232", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature)."}, {"lang": "es", "value": "Artifex Ghostscript anterior a 9.53.0 tiene una escritura y un use-after-free fuera de los l\u00edmites en devices/vector/gdevtxtw.c (para txtwrite) porque un c\u00f3digo de un solo car\u00e1cter en un documento PDF se puede asignar a m\u00e1s de un punto de c\u00f3digo Unicode. (por ejemplo, para una ligadura)."}], "id": "CVE-2020-36773", "lastModified": "2025-05-22T18:15:23.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-04T18:16:00.713", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=702229"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1177922"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=702229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1177922"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}, {"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "Ghostscript: out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite)", "id": "2262734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262734"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "(CWE-416|CWE-787)", "details": ["Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).", "An out-of-bounds write, and a use-after-free flaw was found in Ghostscript. The flaw is present in devices/vector/gdevtxtw.c, for txtwrite, due to a single character code in a PDF document that can map to more than one Unicode code point (for example, a ligature)."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-36773", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gimp:flatpak/ghostscript", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-36773\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36773\nhttps://bugs.ghostscript.com/show_bug.cgi?id=702229\nhttps://bugzilla.opensuse.org/show_bug.cgi?id=1177922\nhttps://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874\nhttps://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530"], "statement": "The identified vulnerability in Ghostscript introduced in version 9.50 and FIxed in 9.53.0, this represents a important security issue due to its potential for exploitation by malicious actors. The out-of-bounds write and use-after-free flaws in the txtwrite module can be leveraged to execute arbitrary code or trigger denial-of-service attacks, compromising the integrity, confidentiality, and availability of systems where Ghostscript is deployed. Given the widespread use of Ghostscript in handling PDF documents across various platforms and applications, the vulnerability poses a significant risk to users' data and infrastructure.\nRed Hat Enterprise Linux is Not affected by this vulnerability.", "threat_severity": "Important"}