CVE-2020-27792: Improper Restriction of Operations within the Bounds of a Memory Buffer in Ghostscript

Severity: 7.1 HIGH (NVD)
EPSS: 0.1% (top 83.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 19; latest update Sep 27

Description

A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (3 packages)

Debian: artifex/ghostscript < 9.51~dfsg-1+3
Ubuntu: artifex/ghostscript < 9.26~dfsg+0-0ubuntu0.18.04.17+2

Also affects: Debian Linux 10.0

🔴 Vulnerability Details (4)

OSV: ghostscript vulnerabilities (2022-09-27)
GHSA: GHSA-7h9w-vh8m-rj5g: A heap-based buffer over write vulnerability was found in GhostScript's lp8000_print_page() function in gdevlp8k (2022-08-20)
OSV: CVE-2020-27792: A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k (2022-08-19)
CVEList: Ghostscript: heap buffer over write vulnerability in ghostscript's lp8000_print_page() in gdevlp8k.c (2022-08-19)

📋 Vendor Advisories (4)

Ubuntu: Ghostscript vulnerabilities (2022-09-27)
Ubuntu: Ghostscript vulnerability (2022-09-20)
Debian: CVE-2020-27792: ghostscript - A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_pr... (2020)
Red Hat: ghostscript: heap buffer over write vulnerability in GhostScript's lp8000_print_page() in gdevlp8k.c (2019-11-06)
CVE-2020-27792 — Artifex Ghostscript vulnerability | cvebase