CVE-2020-27792

A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

19 Dec 2023, 06:15

Type Values Removed Values Added
CWE CWE-122

13 Dec 2023, 07:15

Type Values Removed Values Added
CWE CWE-122

13 Dec 2023, 06:15

Type Values Removed Values Added
CWE CWE-400

21 Nov 2023, 07:15

Type Values Removed Values Added
Summary A heap-based buffer over write vulnerability was found in GhostScript's lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a user to open a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
References
  • () https://access.redhat.com/security/cve/CVE-2020-27792 -
  • () https://bugzilla.redhat.com/show_bug.cgi?id=2247179 -
  • () https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7 -

07 Nov 2023, 03:21

Type Values Removed Values Added
References
  • {'url': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7', 'name': 'https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'MISC'}
  • () https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7 -

30 Sep 2022, 19:49

Type Values Removed Values Added
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00005.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00005.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
First Time Debian debian Linux
Debian

04 Sep 2022, 01:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00005.html -

23 Aug 2022, 18:06

Type Values Removed Values Added
CPE cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1
CWE CWE-119
First Time Artifex ghostscript
Artifex
References (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7 - (MISC) https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7 - Patch, Vendor Advisory
References (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=701844 - (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=701844 - Exploit, Issue Tracking, Patch, Vendor Advisory

19 Aug 2022, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-19 23:15

Updated : 2023-12-19 06:15


NVD link : CVE-2020-27792

Mitre link : CVE-2020-27792

CVE.ORG link : CVE-2020-27792


JSON object : View

Products Affected

debian

  • debian_linux

artifex

  • ghostscript
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer