Artifex Ghostscript 9.55.0

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:artifex:ghostscript:9.55.0:*:*:*:*:*:*:*

part: a version: 9.55.0 update: *

VendorArtifex (0075fabc-cec9-5063-a004-04a5c9db1a9b)
ProductGhostscript (2768aa7e-f93f-51c8-bf61-d81e3bb18978)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/ghostscript purl2cpe 2026-06-01 10:15:00.320351
pkg:deb/ubuntu/ghostscript purl2cpe 2026-06-01 10:15:00.320353
pkg:github/artifexsoftware/ghostpdl purl2cpe 2026-06-01 10:15:00.320354
pkg:github/artifexsoftware/ghostpdl-downloads purl2cpe 2026-06-01 10:15:00.320356
pkg:rpm/fedora/ghostscript purl2cpe 2026-06-01 10:15:00.320358
pkg:rpm/opensuse/ghostscript purl2cpe 2026-06-01 10:15:00.320360
pkg:sourceforge/ghostscript purl2cpe 2026-06-01 10:15:00.320361

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-2085 vulnerable 2026-06-03 14:47:00.220503 Details available
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.
Published: 2022-06-16T00:00:00.000Z
Updated: 2025-02-13T16:28:52.337Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.