CVE-2022-2085

Name	CVE-2022-2085
Description	A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
ghostscript (PTS)	bullseye	9.53.3~dfsg-7+deb11u7	fixed
	bullseye (security)	9.53.3~dfsg-7+deb11u11	fixed
	bookworm	10.0.0~dfsg-11+deb12u7	fixed
	bookworm (security)	10.0.0~dfsg-11+deb12u8	fixed
	trixie	10.05.1~dfsg-1	fixed
	trixie (security)	10.05.1~dfsg-1+deb13u1	fixed
	forky	10.05.1~dfsg-3	fixed
	sid	10.06.0~dfsg-3	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
ghostscript	source	stretch	(not affected)
ghostscript	source	buster	(not affected)
ghostscript	source	bullseye	(not affected)
ghostscript	source	(unstable)	9.56.0~dfsg-1

Notes

[bullseye] - ghostscript <not-affected> (Vulnerable code not present)
[buster] - ghostscript <not-affected> (Vulnerable code not present)
[stretch] - ghostscript <not-affected> (Vulnerable code not present)
https://bugs.ghostscript.com/show_bug.cgi?id=704945
Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df (ghostpdl-9.56.0rc1)
Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;h=6f332dd0baee0135ebff0bf25c56e9adff0f944a (ghostpdl-9.55.0rc1)