Bug 2048939 (CVE-2021-45949)

Summary: CVE-2021-45949 ghostscript: heap-based buffer overflow in sampled_data_finish
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: akhaitovich, mjg, mosvald, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer overflow flaw was found in Ghostscript’s GhostPDL in the sampled_data_finish function (called from sampled_data_continue and interp). This flaw allows a local attacker to pass a specially crafted malicious file to Ghostscript that triggers a heap-based buffer overflow, potentially causing a crash that leads to a denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2049765, 2049766, 2049767    
Bug Blocks: 2048917    

Description Marian Rehak 2022-02-01 08:37:50 UTC 
A heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

Reference:

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
Comment 1 Michael J Gruber 2022-02-01 14:25:12 UTC 
Fedora versions all the way down to F33 are not affected - they carry  ghostscript-9.55.0.

So, which version are you reporting this against?