CVE-2020-15900
CRITICALArtifex Ghostscript 9.50 and 9.52 - Memory Corruption via Non-Standard PostScript Operator
Title source: llmDescription
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
References (9)
Core 9
Core References
Patch x_refsource_misc
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b
Patch x_refsource_misc
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log
Patch, Third Party Advisory x_refsource_misc
https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c
Patch, Third Party Advisory x_refsource_misc
https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
Vendor Advisory x_refsource_confirm
https://artifex.com/security-advisories/CVE-2020-15900
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4445-1/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202008-20
Scores
CVSS v3
9.8
EPSS
0.1099
EPSS Percentile
93.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-191
CWE-787
Status
published
Products (5)
artifex/ghostscript
9.50
artifex/ghostscript
9.52
canonical/ubuntu_linux
20.04
opensuse/leap
15.1
opensuse/leap
15.2
Published
Jul 28, 2020
Tracked Since
Feb 18, 2026