{"id":"CVE-2020-36773","details":"Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).","modified":"2026-05-18T05:51:11.091754602Z","published":"2024-02-04T18:16:00.713Z","related":["SUSE-SU-2024:0920-1","SUSE-SU-2024:0921-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"artifex:ghostscript","cpes":["cpe:2.3:a:artifex:ghostscript:9.52.1:*:*:*:*:*:*:*","cpe:2.3:a:artifex:ghostscript:9.52:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"9.52"},{"last_affected":"9.52.1"}]}]},"references":[{"type":"WEB","url":"https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874"},{"type":"ADVISORY","url":"https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530"},{"type":"REPORT","url":"https://bugzilla.opensuse.org/show_bug.cgi?id=1177922"},{"type":"FIX","url":"https://bugs.ghostscript.com/show_bug.cgi?id=702229"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/artifexsoftware/ghostpdl-downloads","events":[{"introduced":"0"},{"last_affected":"16c7521e7784c75cbdc5ab31f4fe407eb7d72ae9"},{"last_affected":"6faa77094ce388292a2797477bd4597e6b3b35ff"}],"database_specific":{"cpe":["cpe:2.3:a:artifex:ghostscript:9.51:*:*:*:*:*:*:*","cpe:2.3:a:artifex:ghostscript:9.53.0:rc1:*:*:*:*:*:*","cpe:2.3:a:artifex:ghostscript:9.53.0:rc2:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"9.51"},{"last_affected":"9.53.0-rc1"},{"last_affected":"9.53.0-rc2"}]}}],"versions":["gs952","ghostpdl-9.53.0rc2","ghostpdl-9.53.0rc1","gs951","ghostpdl-9.51","gs951rc3","ghostpdl-9.51rc2","gs950","gs928rc4","gs928rc3","gs928rc2","gs928rc1","gs927","gs9.27","9.27","gs926","gs9.26rc1","9.27rc1","gs925rc1","gs925","gs924rc2","gs924","gs923rc1","gs923","gs922","gs922rc2","gs922rc1","gs921","gs920","9.21rc1","gs920rc1","gs919","gs918"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36773.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}