CVE-2020-15900
9.8 CRITICAL
Summary
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
References
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log (x_refsource_MISC)
https://github.com/ArtifexSoftware/ghostpdl/commits/maste... (x_refsource_MISC)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdif... (x_refsource_MISC)
https://github.com/ArtifexSoftware/ghostpdl/commit/5d4992... (x_refsource_MISC)
https://artifex.com/security-advisories/CVE-2020-15900 (x_refsource_CONFIRM)
http://lists.opensuse.org/opensuse-security-announce/2020... (vendor-advisory, x_refsource_SUSE)
http://lists.opensuse.org/opensuse-security-announce/2020... (vendor-advisory, x_refsource_SUSE)
https://usn.ubuntu.com/4445-1/ (vendor-advisory, x_refsource_UBUNTU)
https://security.gentoo.org/glsa/202008-20 (vendor-advisory, x_refsource_GENTOO)
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database