CVE-2020-27792
HIGH
Ghostscript < 9.50 - Heap-Based Buffer Overflow in lp8000_print_page
Title source: llm
Description
A heap-based buffer overwrite vulnerability was found in Ghostscript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
References (7)
Core References
Patch
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4362
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2020-27792
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2247179
Various Sources
https://bugs.ghostscript.com/show_bug.cgi?id=701844
Scores
CVSS v3
7.1
EPSS
0.0005
EPSS Percentile
16.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (2)
artifex/ghostscript
< 9.50
debian/debian_linux
10.0
Published
Aug 19, 2022
Tracked Since
Feb 18, 2026