CVE-2020-15900

Published: Jul 28, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.

Affected (5)

Products: Artifex: Ghostscript · Canonical: Ubuntu Linux · Opensuse: Leap

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript	Version 9.50
Artifex Ghostscript	Version 9.52

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 20.04

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1
Opensuse Leap	Version 15.2

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (18)

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://artifex.com/security-advisories/CVE-2020-15900

Source: cve@mitre.org

Vendor Advisory

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b

Source: cve@mitre.org

https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c

Source: cve@mitre.org

PatchThird Party Advisory

https://security.gentoo.org/glsa/202008-20

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4445-1/

Source: cve@mitre.org

Third Party Advisory

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://artifex.com/security-advisories/CVE-2020-15900

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://security.gentoo.org/glsa/202008-20

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4445-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.