Bug 2075523 (CVE-2022-1350) - CVE-2022-1350 ghostscript: Improper release of objects in chunk_free_object during PCL to PDF conversion
Summary: CVE-2022-1350 ghostscript: Improper release of objects in chunk_free_object d...
Alias: CVE-2022-1350
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2086552
Blocks: 2079677
TreeView+ depends on / blocked
Reported: 2022-04-14 12:21 UTC by Avinash Hanwate
Modified: 2022-09-19 19:38 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2022-05-16 15:15:11 UTC

Attachments (Terms of Use)

Description Avinash Hanwate 2022-04-14 12:21:48 UTC
A vulnerability classified as problematic was found in Ghostscript 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.


Comment 1 Michael J Gruber 2022-04-14 14:36:04 UTC
All referenced bugs are locked. There is no way for us to know whether http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e1134d375e2ca176068e19a2aa9b040baffe1c22 is a complete fix or (2) is pending. The vulnerability does not mention Ghostscript 9.56.1 but from quick-checking git, I don't expect it to contain any fixes. Do not expect a fix of the Fedora package until this changes :|

Comment 2 Mauro Matteo Cascella 2022-05-16 12:23:48 UTC
Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 2086552]

Comment 3 Product Security DevOps Team 2022-05-16 15:15:10 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):


Note You need to log in before you can comment on or make changes to this bug.