CVE-2022-2085

Name of the Vulnerable Software and Affected Versions Ghostscript (affected versions not specified)

Description A NULL pointer dereference issue was found in Ghostscript, occurring when it attempts to render a large number of bits in memory. The problem arises when allocating a buffer device, relying on an init device procs defined for the device that uses it as a prototype, which depends on the number of bits per pixel. For bits per pixel (bpp) greater than 64, mem x device is used, and it does not have an init device procs defined. This allows an attacker to parse a large number of bits (more than 64 bits per pixel), triggering a NULL pointer dereference, causing the application to crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.