VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-6t3m-jjba-tyb3

Essentials
Severities (29)
References (15)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6t3m-jjba-tyb3
Aliases	CVE-2020-36773
Summary	Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-416	Use After Free
CWE-787	Out-of-bounds Write

System	Score	Found at
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36773.json
epss	0.00106	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00106	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2020-36773
cvssv3.1	9.8	https://bugs.ghostscript.com/show_bug.cgi?id=702229
ssvc	Track	https://bugs.ghostscript.com/show_bug.cgi?id=702229
cvssv3.1	9.8	https://bugzilla.opensuse.org/show_bug.cgi?id=1177922
ssvc	Track	https://bugzilla.opensuse.org/show_bug.cgi?id=1177922
cvssv3.1	8.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	9.8	https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874
ssvc	Track	https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874
cvssv3.1	9.8	https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530
ssvc	Track	https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2020-36773

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36773.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-36773
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36773
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2262734		https://bugzilla.redhat.com/show_bug.cgi?id=2262734
cpe:2.3:a:artifex:ghostscript:9.51:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:9.51:::::::*
cpe:2.3:a:artifex:ghostscript:9.52:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:9.52:::::::*
cpe:2.3:a:artifex:ghostscript:9.52.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:9.52.1:::::::*
cpe:2.3:a:artifex:ghostscript:9.53.0:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:9.53.0:rc1::::::
cpe:2.3:a:artifex:ghostscript:9.53.0:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:9.53.0:rc2::::::
CVE-2020-36773		https://nvd.nist.gov/vuln/detail/CVE-2020-36773
gs9530		https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530
?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874		https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874
show_bug.cgi?id=1177922		https://bugzilla.opensuse.org/show_bug.cgi?id=1177922
show_bug.cgi?id=702229		https://bugs.ghostscript.com/show_bug.cgi?id=702229

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36773.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugs.ghostscript.com/show_bug.cgi?id=702229

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T15:56:53Z/ Found at https://bugs.ghostscript.com/show_bug.cgi?id=702229

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.opensuse.org/show_bug.cgi?id=1177922

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T15:56:53Z/ Found at https://bugzilla.opensuse.org/show_bug.cgi?id=1177922

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T15:56:53Z/ Found at https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T15:56:53Z/ Found at https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-36773

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.2938
EPSS Score	0.00106
Published At	Aug. 16, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:44:43.826420+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2020/36xxx/CVE-2020-36773.json	37.0.0