CVE-2020-15900
published 2020-07-28CVE-2020-15900: A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | — | — |
| artifex | ghostscript | — | — |
| artifex | ghostscript | >= 0 < 9.52.1~dfsg-1 | 9.52.1~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.52.1~dfsg-1 | 9.52.1~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.52.1~dfsg-1 | 9.52.1~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.52.1~dfsg-1 | 9.52.1~dfsg-1 |
| canonical | ubuntu_linux | — | — |
| debian | ghostscript | < ghostscript 9.52.1~dfsg-1 (bookworm) | ghostscript 9.52.1~dfsg-1 (bookworm) |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL