CVE-2020-16293 — NULL Pointer Dereference in Ghostscript
Severity
5.5MEDIUMNVD
EPSS
1.3%
top 20.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 13
Latest updateMay 24
Description
A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages2 packages
Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 16.04, 18.04, 20.04
🔴Vulnerability Details
3GHSA▶
GHSA-v94m-px3x-gg3c: A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend↗2022-05-24
OSV▶
CVE-2020-16293: A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend↗2020-08-13
CVEList▶
CVE-2020-16293: A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend↗2020-08-13
📋Vendor Advisories
3💬Community
2Bugzilla▶
CVE-2020-16293 ghostscript: NULL pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS via a crafted PDF file [fedor↗2020-08-19
Bugzilla▶
CVE-2020-16293 ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS↗2020-08-19