CyberSec.Space Logo
Back to CVE Browser

CVE-2020-15900

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1060%
EPSS Percentile22.73th
PublishedJul 28, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.

Affected Platforms (CPE)

πŸ“¦
Artifex

Ghostscript

= 9.50
πŸ“¦
Artifex

Ghostscript

= 9.52
πŸ’»
Canonical

Ubuntu Linux

= 20.04
πŸ’»
Opensuse

Leap

= 15.1
πŸ’»
Opensuse

Leap

= 15.2

References & Advisories

πŸ”— http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html
πŸ”— https://artifex.com/security-advisories/CVE-2020-15900
πŸ”— https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b
πŸ”— https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
πŸ”— https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c
πŸ”— https://security.gentoo.org/glsa/202008-20

Related Vulnerabilities

CVE-2021-37819.9

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a speciall...

CVE-2020-276059.8

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks...

CVE-2019-148139.8

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its p...

CVE-2020-367739.8

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) becaus...