Vulnerability DatabaseCVE-2022-1350

CVE-2022-1350:
Ghostscript vulnerability analysis and mitigation

Overview

A vulnerability classified as problematic was found in GhostPCL 9.55.0, affecting the function chunkfreeobject in the file gsmchunk.c. The vulnerability leads to memory corruption when manipulating malicious files. While the attack can be initiated remotely, it requires user interaction. The vulnerability has been publicly disclosed with a proof of concept available (Debian Tracker).

Technical details

The vulnerability specifically impacts the chunkfreeobject function within gsmchunk.c, leading to memory corruption when processing malicious files. The issue affects multiple versions of the software, including GhostPCL 9.55.0 and various Debian distributions such as bullseye, bookworm, and sid (Debian Tracker).

Impact

The vulnerability can result in memory corruption when processing malicious files, potentially affecting system stability and security. The attack vector requires user interaction but can be initiated remotely (Debian Tracker).

Mitigation and workarounds

It is recommended to apply the available patches to address this vulnerability. Various Debian distributions have released updated versions to address the issue (Debian Tracker).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

7.8

Score

Published April 14, 2022

Severity HIGH

CNA Score 4.3

Affected Technologies

Ghostscript

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 53.3

Exploitation Probability (EPSS) 0.3

Affected packages and libraries

ghostscript

Sources

NVD
Debian Security Tracker
- Debian 11 Severity LOWNo FixAdded at: Apr 15, 2022
- Debian 12 Severity LOWHas FixAdded at: Apr 15, 2022
- Debian 13 Severity LOWHas FixAdded at: Jun 11, 2023
- Debian 14 Severity LOWHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Ghostscript vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-59800	MEDIUM	5.5	Ghostscript	ghostscript-doc	No	Yes	Sep 22, 2025
CVE-2025-59799	MEDIUM	5.5	Ghostscript	cpe:2.3:a:artifex:ghostscript	No	Yes	Sep 22, 2025
CVE-2025-59798	MEDIUM	5.5	Ghostscript	ghostscript-devel	No	Yes	Sep 22, 2025
CVE-2025-7462	MEDIUM	5.3	Ghostscript	ghostscript	No	Yes	Jul 12, 2025
CVE-2025-59801	MEDIUM	4.3	Ghostscript	ghostscript	No	Yes	Sep 22, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2022-1350: Ghostscript vulnerability analysis and mitigation