Buffer Overflow in Artifex Ghostscript Affects PDF Handling
CVE-2020-21890

7.8HIGH

Key Information:

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 22 August 2023

What is CVE-2020-21890?

A buffer overflow vulnerability exists in the clj_media_size function within the Artifex Ghostscript 9.50. This flaw allows remote attackers to exploit the system by sending specially crafted PDF documents. When these documents are processed, it may lead to a denial of service or potentially other unspecified impacts, compromising the stability and security of applications reliant on this PDF processing tool.

References

https://bugs.ghostscript.com/show_bug.cgi?id=701846

https://lists.debian.org/debian-lts-announce/2023/09/msg0...

mailing-list

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Aug 13, 2020