CVE-2020-14373

CWE-416Use After Free7 documents7 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 62.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Artifex GhostscriptRedhat Enterprise Linux
Timeline
PublishedSep 3
Latest updateMay 24

Description

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Debianghostscript< 9.26~dfsg-1+3
CVEListV5ghostscript9.25

Also affects: Enterprise Linux 7.0, 8.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-qpgp-38q3-x9pp: A use after free was found in igc_reloc_struct_ptr() of psi/igc2022-05-24
CVEList
CVE-2020-14373: A use after free was found in igc_reloc_struct_ptr() of psi/igc2020-09-03
OSV
CVE-2020-14373: A use after free was found in igc_reloc_struct_ptr() of psi/igc2020-09-03

📋Vendor Advisories

2
Red Hat
ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS2020-09-02
Debian
CVE-2020-14373: ghostscript - A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript...2020

💬Community

1
Bugzilla
CVE-2020-14373 ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS2020-08-27
CVE-2020-14373 (MEDIUM CVSS 5.5) | A use after free was found in igc_r | cvebase.io