bugzilla.redhat.com
2a02:26f0:6c00:2b6::762
Public Scan
URL:
https://bugzilla.redhat.com/show_bug.cgi?id=2095261
Submission: On June 28 via api from NL — Scanned from NL
Form analysis
5 forms found in the DOM
POST show_bug.cgi?id=2095261
<form action="show_bug.cgi?id=2095261" method="POST" class="mini_login " id="mini_login">
<input id="Bugzilla_login" required="" name="Bugzilla_login" class="bz_login" type="email" placeholder="Email Address">
<input class="bz_password" name="Bugzilla_password" type="password" id="Bugzilla_password" required="" placeholder="Password">
<input type="hidden" name="Bugzilla_login_token" value="">
<input type="submit" name="GoAheadAndLogIn" value="Log in" id="log_in">
</form>
POST token.cgi
<form action="token.cgi" method="post" id="forgot_form" class="mini_forgot bz_default_hidden">
<label for="login">Login:</label>
<input name="loginname" size="20" id="login" required="" type="email" placeholder="Your Email Address">
<input id="forgot_button" value="Reset Password" type="submit">
<input type="hidden" name="a" value="reqpw">
<input type="hidden" id="token" name="token" value="1656420615-Cu93FBZkYsbzzivWGrQcaACWnz9nfau6hKfcNLPH-EY">
<p>
<a href="#" onclick="return hide_forgot_form('')"><i class="fa fa-exclamation-triangle" aria-hidden="true"></i> Hide Forgot</a>
</p>
</form>
GET buglist.cgi
<form action="buglist.cgi" method="get" onsubmit="if (this.quicksearch.value == '')
{ alert('Please enter one or more search terms first.');
return false; } return true;">
<input type="hidden" id="no_redirect_top" name="no_redirect" value="1">
<script type="text/javascript">
if (history && history.replaceState) {
var no_redirect = document.getElementById("no_redirect_top");
no_redirect.value = 1;
}
</script>
<input class="txt" type="text" id="quicksearch_top" name="quicksearch" title="Quick Search" value="">
<input class="btn" type="submit" value="Search" id="find_top">
</form>
Name: changeform — POST process_bug.cgi
<form name="changeform" id="changeform" method="post" action="process_bug.cgi">
<input type="hidden" name="delta_ts" value="2022-06-15 12:19:35">
<input type="hidden" name="id" value="2095261">
<input type="hidden" name="token" value="1656420615-SeLsR-d_gfsvLHar_z7X45YrQQXnglkfMwEFNgJgE-E">
<div class="bz_short_desc_container edit_form">
<a href="show_bug.cgi?id=2095261"><b>Bug 2095261</b></a> <span id="summary_container"> (<span id="alias_nonedit_display">CVE-2022-2085</span>) - <span
id="short_desc_nonedit_display"><a href="https://access.redhat.com/security/cve/CVE-2022-2085">CVE-2022-2085</a> ghostscript: Null pointer dereference in gx_default_create_buf_device()</span>
</span>
<div id="summary_input" class="bz_default_hidden"><span class="field_label " id="field_label_short_desc">
<a title="The bug summary is a short sentence which succinctly describes what the bug is about." class="field_help_link" href="page.cgi?id=fields.html#short_desc">Summary:</a>
</span><span title="CVE-2022-2085 ghostscript: Null pointer dereference in gx_default_create_buf_device()">CVE-2022-2085 ghostscript: Null pointer dereference in gx_default_create_buf_... </span>
</div>
</div>
<script type="text/javascript">
hideEditableField('summary_container', 'summary_input', 'summary_edit_action', 'short_desc', 'CVE-2022-2085 ghostscript: Null pointer dereference in gx_default_create_buf_device()');
</script>
<table class="edit_form">
<tbody>
<tr>
<td id="bz_show_bug_column_1" class="bz_show_bug_column">
<table>
<tbody>
<tr>
<th class="field_label">
<a href="describekeywords.cgi">Keywords</a>:
</th>
<td>
<div class="keywords_select">
<select id="keywords" name="keywords" disabled="" multiple="multiple" tabindex="-1" class="selectized" style="display: none;">
<option value="Security" selected="selected">Security </option>
</select>
<div class="selectize-control multi plugin-remove_button plugin-minimum_search_length plugin-extra_keys_control plugin-related_fields plugin-load_from_js">
<div class="selectize-input items not-full has-options has-items disabled locked">
<div class="item"
title="Bugs with the &quot;Security&quot; keyword are those that relate to a security vulnerability with a Red Hat product or service. For further information on how to report a security vulnerability to Red Hat please see the &quot;Security Contacts and Procedures&quot; page at &lt;a href=&quot;https://www.redhat.com/security/team/contact/&quot;&gt;https://www.redhat.com/security/team/contact/&lt;/a&gt;"
data-value="Security">Security <a href="javascript:void(0)" class="remove" tabindex="-1" title="Remove">×</a></div><input type="select-multiple" autocomplete="off" tabindex="-1" id="keywords-selectized" disabled=""
style="width: 4px;">
</div>
<div class="selectize-dropdown multi plugin-remove_button plugin-minimum_search_length plugin-extra_keys_control plugin-related_fields plugin-load_from_js" style="display: none;">
<div class="selectize-dropdown-content"></div>
</div>
</div>
</div>
</td>
</tr>
<tr>
<th class="field_label">
<a href="page.cgi?id=fields.html#bug_status">Status</a>:
</th>
<td id="bz_field_status">
<span id="static_bug_status">CLOSED NOTABUG </span>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_alias">
<a title="A short, unique name assigned to a bug in order to assist with looking it up and referring to it in other places in Bugzilla." class="field_help_link" href="page.cgi?id=fields.html#alias">Alias:</a>
</th>
<td>CVE-2022-2085 </td>
</tr>
<tr>
<th class="field_label " id="field_label_product">
<a title="Bugs are categorised into Products and Components. Select a Classification to narrow down this list." class="field_help_link" href="describecomponents.cgi">Product:</a>
</th>
<td class="field_value " id="field_container_product">Security Response </td>
</tr>
<tr class="bz_default_hidden">
<th class="field_label " id="field_label_classification">
<a title="Bugs are categorised into Classifications, Products and Components. classifications is the top-level categorisation." class="field_help_link" href="page.cgi?id=fields.html#classification">Classification:</a>
</th>
<td class="field_value " id="field_container_classification">Other </td>
</tr>
<tr>
<th class="field_label " id="field_label_component">
<a title="Components are second-level categories; each belongs to a particular Product. Select a Product to narrow down this list." class="field_help_link" href="describecomponents.cgi?product=Security Response">Component:</a>
</th>
<td>
<input type="hidden" id="component" name="component" value="vulnerability">vulnerability <span class="show_others">
<a href="buglist.cgi?component=vulnerability&product=Security%20Response" title="Show other bugs for this component"><i class="fas fa-th-list"></i></a>
<a href="enter_bug.cgi?component=vulnerability&product=Security%20Response&version=unspecified" title="Create a new bug for this component"><i class="fas fa-plus-circle"></i></a>
</span>
</td>
</tr>
<tr>
<th id="bz_rh_sub_component_input_th" class="field_label bz_default_hidden">
<label for="rh_sub_component-selectized" class="selectized">
<a class="field_help_link" href="page.cgi?id=fields.html#rh_sub_components" title="The sub component of a specific component">Sub Component:</a>
</label>
</th>
<td id="bz_rh_sub_component_input_td" class="bz_default_hidden">
<input type="hidden" name="defined_rh_sub_component" id="defined_rh_sub_component" value="0">
<select name="rh_sub_component" id="rh_sub_component" disabled="" onchange="assign_to_default();" placeholder="Type a sub-component name" tabindex="-1" class="selectized" style="display: none;">
<option value="" selected="selected"></option>
</select>
<div class="selectize-control single plugin-remove_button plugin-minimum_search_length plugin-extra_keys_control plugin-form_history plugin-related_fields">
<div class="selectize-input items not-full disabled locked"><input type="select-one" autocomplete="off" tabindex="-1" id="rh_sub_component-selectized" placeholder="Type a sub-component name" disabled="" style="width: 172.391px;">
</div>
<div class="selectize-dropdown single plugin-remove_button plugin-minimum_search_length plugin-extra_keys_control plugin-form_history plugin-related_fields" style="display: none;">
<div class="selectize-dropdown-content"></div>
</div>
</div>
<script>
$(document).ready(function() {
if (!$('#rh_sub_component').hasClass('selectized')) {
init_sub_components();
}
});
</script>
<span class="show_others">
<a href="buglist.cgi?component=vulnerability&product=Security%20Response" title="Show other bugs for this sub-component"><i class="fas fa-th-list"></i></a>
<a href="enter_bug.cgi?component=vulnerability&product=Security%20Response&version=unspecified&sub_component=" title="Create a new bug for this sub-component"><i class="fas fa-plus-circle"></i></a>
</span>
</td>
</tr>
<script>
function rh_check_sub_components() {
var ret = '';
var sub_comp_obj = document.getElementById('rh_sub_component');
if ($('#defined_rh_sub_component').val() == 1 && !$("#rh_sub_component").selectize()[0].selectize.getValue()) {
if (!ret) ret = sub_comp_obj;
_sub_comps_errorFor(sub_comp_obj, "You must specify the sub component");
}
return ret;
}
function _sub_comps_errorFor(field, error_text) {
var new_node = document.createElement('div');
YAHOO.util.Dom.addClass(new_node, 'validation_error_text');
new_node.innerHTML = error_text;
YAHOO.util.Dom.insertAfter(new_node, field);
YAHOO.util.Dom.addClass(field, 'validation_error_field');
new_node.scrollIntoView();
}
</script>
<tr>
<th class="field_label " id="field_label_version">
<a title="The version field defines the version of the software the bug was found in." class="field_help_link" href="page.cgi?id=fields.html#version">Version:</a>
</th>
<td>
<span id="version">unspecified </span>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_rep_platform">
<a title="The hardware platform the bug was observed on. Note: When searching, selecting the option &quot;All&quot; only finds bugs whose value for this field is literally the word &quot;All&quot;." class="field_help_link" href="page.cgi?id=fields.html#rep_platform">Hardware:</a>
</th>
<td class="field_value">All </td>
</tr>
<tr>
<th class="field_label " id="field_label_op_sys">
<a title="The operating system the bug was observed on. Note: When searching, selecting the option &quot;All&quot; only finds bugs whose value for this field is literally the word &quot;All&quot;." class="field_help_link" href="page.cgi?id=fields.html#op_sys">OS:</a>
</th>
<td class="field_value"> Linux </td>
</tr>
<tr>
<th class="field_label">
<label accesskey="i">
<a href="page.cgi?id=fields.html#priority">Priority:</a></label>
</th>
<td>medium </td>
</tr>
<tr>
<th class="field_label">
<label><a href="page.cgi?id=fields.html#bug_severity">Severity:</a>
</label>
</th>
<td> medium </td>
</tr>
<tr>
<th class="field_label " id="field_label_target_milestone">
<a title="The Target Milestone field is used to define when the engineer the bug is assigned to expects to fix it." class="field_help_link" href="page.cgi?id=fields.html#target_milestone">Target Milestone:</a>
</th>
<td>
<span id="target_milestone">--- </span>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_assigned_to">
<a title="The person in charge of resolving the bug." class="field_help_link" href="page.cgi?id=fields.html#assigned_to">Assignee:</a>
</th>
<td><span class="vcard redhat_user"><span class="fn">Red Hat Product Security</span>
</span>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_qa_contact">
<a title="The person responsible for confirming this bug if it is unconfirmed, and for verifying the fix once the bug has been resolved." class="field_help_link" href="page.cgi?id=fields.html#qa_contact">QA Contact:</a>
</th>
<td><span class="vcard ">
</span>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_docs_contact">
<label for="docs_contact" accesskey="q">
<a title="The person responsible for documenting once the bug has been resolved." class="field_help_link" href="page.cgi?id=fields.html#docs_contact">Docs Contact:</a>
</label>
</th>
<td><span class="vcard ">
</span>
</td>
</tr>
<script type="text/javascript">
assignToDefaultOnChange(['product', 'component'], 'security-response-team\x40redhat.com', '', '');
</script>
<tr>
<th class="field_label " id="field_label_bug_file_loc">
<a title="Bugs can have a URL associated with them - for example, a pointer to a web site where the problem is seen." class="field_help_link" href="page.cgi?id=fields.html#bug_file_loc">URL:</a>
</th>
<td>
<span id="bz_url_input_area">
</span>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_status_whiteboard">
<a title="Each bug has a free-form single line text entry box for adding tags and status information." class="field_help_link" href="page.cgi?id=fields.html#status_whiteboard">Whiteboard:</a>
</th>
<td>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_dependson">
<a title="The bugs listed here must be resolved before this bug can be resolved." class="field_help_link" href="page.cgi?id=fields.html#dependson">Depends On:</a>
</th>
<td>
<span id="dependson_input_area">
</span>
<a class="bz_bug_link
bz_status_NEW
" title="NEW - CVE-2022-2085 ghostscript: Null pointer dereference in gx_default_create_buf_device() [fedora-all]" href="show_bug.cgi?id=2097175">2097175</a>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_blocked">
<a title="This bug must be resolved before the bugs listed in this field can be resolved." class="field_help_link" href="page.cgi?id=fields.html#blocked">Blocks:</a>
</th>
<td>
<span id="blocked_input_area">
</span>
<a class="bz_bug_link
bz_secure
" title="" href="show_bug.cgi?id=2095268">2095268</a> <a class="bz_bug_link
bz_secure
" title="" href="show_bug.cgi?id=2097177">2097177</a>
</td>
</tr>
<tr>
<th class="field_label">TreeView+</th>
<td>
<a href="buglist.cgi?bug_id=2095261&bug_id_type=anddependson&format=tvp">
depends on</a> / <a href="buglist.cgi?bug_id=2095261&bug_id_type=andblocked&format=tvp&tvp_dir=blocked">
blocked</a>
</td>
<td></td>
</tr>
</tbody>
</table>
</td>
<td>
<div class="bz_column_spacer"> </div>
</td>
<td id="bz_show_bug_column_2" class="bz_show_bug_column">
<table>
<tbody>
<tr>
<th class="field_label">
<a href="page.cgi?id=fields.html#reporter">Reported:</a>
</th>
<td>2022-06-09 11:39 UTC by <span class="vcard redhat_user"><span class="fn">TEJ RATHI</span>
</span>
</td>
</tr>
<tr>
<th class="field_label">
<a href="page.cgi?id=fields.html#modified">Modified:</a>
</th>
<td>2022-06-15 12:19 UTC (<a href="show_activity.cgi?id=2095261">History</a>) </td>
</tr>
<tr>
<th class="field_label">
<label accesskey="a">
<a href="page.cgi?id=fields.html#cclist">CC List:</a>
</label>
</th>
<td>5 users <span id="cc_edit_area_showhide_container"> (<a href="#" id="cc_edit_area_showhide">show</a>) </span>
<div id="cc_edit_area" class="bz_default_hidden">
<br>
<select id="cc" multiple="multiple" size="5">
<option value="akhaitovich">akhaitovich</option>
<option value="mjg">mjg</option>
<option value="mosvald">mosvald</option>
<option value="rlescak">rlescak</option>
<option value="zdohnal">zdohnal</option>
</select>
</div>
<script type="text/javascript">
hideEditableField('cc_edit_area_showhide_container', 'cc_edit_area', 'cc_edit_area_showhide', '', '');
</script>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_cf_fixed_in">
<a title="The full package version. PGM uses to check if brew ...">Fixed In Version:</a>
</th>
<td class="field_value " id="field_container_cf_fixed_in" colspan="2">
</td>
</tr>
<tr>
<th class="field_label " id="field_label_cf_doc_type">
<a title="Click the information icon to the right to see the description">Doc Type:</a>
<i class="fas fa-info-circle pop-text" onclick="alertify.alert('Doc Type', BB_FIELDS['cf_doc_type'].long_desc)" title="Click to see full description"></i>
</th>
<td class="field_value " id="field_container_cf_doc_type" colspan="2">If docs needed, set a value <span id="cf_doc_warn"></span></td>
</tr>
<tr>
<th class="field_label " id="field_label_cf_release_notes">
<a title="Click the information icon to the right to see the description">Doc Text:</a>
<i class="fas fa-info-circle pop-text" onclick="alertify.alert('Doc Text', BB_FIELDS['cf_release_notes'].long_desc)" title="Click to see full description"></i>
</th>
<td class="field_value " id="field_container_cf_release_notes" colspan="2">
<div class="uneditable_textarea">A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an
init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an
attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.</div>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_cf_clone_of">
<a title="The bug listed here was the bug cloned to create thi...">Clone Of:</a>
</th>
<td class="field_value " id="field_container_cf_clone_of" colspan="2">
</td>
</tr>
<tr>
<th class="field_label " id="field_label_cf_environment">
<a title="This field is used for unformatted text that helps t...">Environment:</a>
</th>
<td class="field_value " id="field_container_cf_environment" colspan="2">
<div class="uneditable_textarea"></div>
</td>
</tr>
<tr>
<th class="field_label " id="field_label_cf_last_closed">
<a title="When this bug was last marked as closed. Used for st...">Last Closed:</a>
</th>
<td class="field_value " id="field_container_cf_last_closed" colspan="2">2022-06-15 11:51:42 UTC </td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan="3">
<hr id="bz_top_half_spacer">
</td>
</tr>
</tbody>
</table>
<table id="bz_big_form_parts">
<tbody>
<tr>
<td>
<script type="text/javascript">
<!--
function toggle_display(link) {
var table = document.getElementById("attachment_table");
var view_all = document.getElementById("view_all");
var hide_obsolete_url_parameter = "&hide_obsolete=1";
// Store current height for scrolling later
var originalHeight = table.offsetHeight;
var rows = YAHOO.util.Dom.getElementsByClassName('bz_tr_obsolete', 'tr', table);
for (var i = 0; i < rows.length; i++) {
bz_toggleClass(rows[i], 'bz_default_hidden');
}
if (YAHOO.util.Dom.hasClass(rows[0], 'bz_default_hidden')) {
link.innerHTML = "Show Obsolete";
view_all.href = view_all.href + hide_obsolete_url_parameter
} else {
link.innerHTML = "Hide Obsolete";
view_all.href = view_all.href.replace(hide_obsolete_url_parameter, "");
}
var newHeight = table.offsetHeight;
// This scrolling makes the window appear to not move at all.
window.scrollBy(0, newHeight - originalHeight);
return false;
}
//
-->
</script>
<br>
<table id="attachment_table">
<tbody>
<tr id="a0">
<th align="left"> Attachments </th>
<th colspan="2" align="right">
<a href="page.cgi?id=terms-conditions.html">(Terms of Use)</a>
</th>
</tr>
<tr class="bz_attach_footer">
<td colspan="3">
<a href="attachment.cgi?bugid=2095261&action=enter">Add an attachment</a> (proposed patch, testcase, etc.)
</td>
</tr>
</tbody>
</table>
<br>
</td>
<td class="groups">
</td>
</tr>
</tbody>
</table>
<div id="comments">
<script type="text/javascript">
<!--
/* Adds the reply text to the 'comment' textarea */
function replyToComment(id, real_id, name) {
var prefix = "(In reply to " + name + " from comment #" + id + ")\n";
var replytext = "";
/* pre id="comment_name_N" */
var text_elem = document.getElementById('comment_text_' + id);
var text = getText(text_elem);
replytext = prefix + wrapReplyText(text);
/* <textarea id="comment"> */
var textarea = document.getElementById('comment');
if (textarea.value != replytext) {
textarea.value += replytext;
}
textarea.focus();
}
//
-->
</script>
<!-- This auto-sizes the comments and positions the collapse/expand links
to the right. -->
<table class="bz_comment_table">
<tbody>
<tr>
<td>
<div id="c0" class="bz_comment bz_first_comment
">
<div class="bz_first_comment_head">
<span class="bz_comment_number">
<a href="show_bug.cgi?id=2095261#c0">Description</a>
</span>
<span class="bz_comment_user">
<span class="vcard redhat_user"><span class="fn">TEJ RATHI</span>
</span>
</span>
<span class="bz_comment_user_images">
</span>
<span class="bz_comment_time"> 2022-06-09 11:39:50 UTC </span>
</div>
<pre class="bz_comment_text">Null pointer dereference flaw was found in gx_default_create_buf_device().
<a href="https://bugs.ghostscript.com/show_bug.cgi?id=704945">https://bugs.ghostscript.com/show_bug.cgi?id=704945</a>
<a href="http://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df">http://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df</a>
</pre>
</div>
<div id="c2" class="bz_comment
">
<div class="bz_comment_head">
<span class="bz_comment_number">
<a href="show_bug.cgi?id=2095261#c2">Comment 2</a>
</span>
<span class="bz_comment_user">
<span class="vcard redhat_user"><span class="fn">TEJ RATHI</span>
</span>
</span>
<span class="bz_comment_user_images">
</span>
<span class="bz_comment_time"> 2022-06-15 04:50:37 UTC </span>
</div>
<pre class="bz_comment_text">Created ghostscript tracking bugs for this issue:
Affects: fedora-all [<a class="bz_bug_link
bz_status_NEW
" title="NEW - CVE-2022-2085 ghostscript: Null pointer dereference in gx_default_create_buf_device() [fedora-all]" href="show_bug.cgi?id=2097175">bug 2097175</a>]
</pre>
</div>
<div id="c4" class="bz_comment
">
<div class="bz_comment_head">
<span class="bz_comment_number">
<a href="show_bug.cgi?id=2095261#c4">Comment 4</a>
</span>
<span class="bz_comment_user">
<span class="vcard redhat_user"><span class="fn">Product Security DevOps Team</span>
</span>
</span>
<span class="bz_comment_user_images">
</span>
<span class="bz_comment_time"> 2022-06-15 11:51:40 UTC </span>
</div>
<pre class="bz_comment_text">This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
<a href="https://access.redhat.com/security/cve/cve-2022-2085">https://access.redhat.com/security/cve/cve-2022-2085</a>
</pre>
</div>
<script>
$(document).ready(function() {
var mysel = document.getElementsByClassName('flag_type-415')[0];
var relnotes = document.getElementById('cf_release_notes');
if (mysel && relnotes && relnotes.value != '' && relnotes.value != cf_doc_type_text[document.getElementById('cf_doc_type').value] && mysel.options[mysel.selectedIndex].value != '+') document.getElementById('cf_doc_warn')
.innerHTML = '<div class="warning "><b>Warning: Doc Text is not yet verified as correct</b></div>';
});
</script>
</td>
<td>
</td>
</tr>
</tbody>
</table>
</div>
<hr>
<div id="add_comment" class="bz_section_additional_comments">
<table>
<tbody>
<tr>
<td>
<fieldset>
<legend>Note</legend> You need to <a href="show_bug.cgi?id=2095261&GoAheadAndLogIn=1">log in</a> before you can comment on or make changes to this bug.
</fieldset>
</td>
</tr>
</tbody>
</table>
</div>
</form>
GET buglist.cgi
<form action="buglist.cgi" method="get" onsubmit="if (this.quicksearch.value == '')
{ alert('Please enter one or more search terms first.');
return false; } return true;">
<input type="hidden" id="no_redirect_bottom" name="no_redirect" value="1">
<script type="text/javascript">
if (history && history.replaceState) {
var no_redirect = document.getElementById("no_redirect_bottom");
no_redirect.value = 1;
}
</script>
<input class="txt" type="text" id="quicksearch_bottom" name="quicksearch" title="Quick Search" value="">
<input class="btn" type="submit" value="Search" id="find_bottom">
</form>
Text Content
Red Hat Bugzilla – Bug 2095261

Bug 2095261 (CVE-2022-2085) - CVE-2022-2085 ghostscript: Null pointer dereference in gx_default_create_buf_device()

Keywords: Security
Status: CLOSED NOTABUG
Alias: CVE-2022-2085
Product: Security Response
Classification: Other
Component: vulnerability
Sub Component:
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On: 2097175
Blocks: 2095268 2097177
Reported: 2022-06-09 11:39 UTC by TEJ RATHI
Modified: 2022-06-15 12:19 UTC (History)
CC List: 5 users (akhaitovich, mjg, mosvald, rlescak, zdohnal)
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text: A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.
Clone Of:
Environment:
Last Closed: 2022-06-15 11:51:42 UTC

Attachments (Terms of Use)

Description TEJ RATHI 2022-06-09 11:39:50 UTC
Null pointer dereference flaw was found in gx_default_create_buf_device().
https://bugs.ghostscript.com/show_bug.cgi?id=704945
http://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df

Comment 2 TEJ RATHI 2022-06-15 04:50:37 UTC
Created ghostscript tracking bugs for this issue:
Affects: fedora-all [bug 2097175]

Comment 4 Product Security DevOps Team 2022-06-15 11:51:40 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-2085