Home > Vulnerability Database > CVE-2020-15900

Mend.io Vulnerability Database

CVE-2020-15900

Good to know:

Date: July 28, 2020

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.

Language: C

Severity Score

9.8

Related Resources (16)

Url: http://git.ghostscript.com/?p=ghostpdl.git;a=log

Url: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b

Url: https://usn.ubuntu.com/4445-1/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15900

Url: https://security.alpinelinux.org/vuln/CVE-2020-15900

Url: https://security-tracker.debian.org/tracker/CVE-2020-15900

Url: http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html

Url: https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c

Url: https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b

Url: http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html

Url: https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b

Url: http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-15900

Url: https://artifex.com/security-advisories/CVE-2020-15900

Url: https://security.gentoo.org/glsa/202008-20

Url: https://www.mend.io/vulnerability-database/CVE-2020-15900

Severity Score

9.8

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Integer Underflow (Wrap or Wraparound)

CWE-191

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version ghostscript - 9.53.3

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-15900

Good to know:

Date: July 28, 2020

Language: C

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?