What is CVE-2020-14373?

CVE-2020-14373 is a vulnerability that allows a local attacker to cause a denial of service in Ghostscript 9.25.

How does CVE-2020-14373 work?

CVE-2020-14373 is caused by a use after free vulnerability in igc_reloc_struct_ptr() of psi/igc.c in Ghostscript 9.25, which can be exploited by a specially crafted PDF file.

What is the severity of CVE-2020-14373?

The severity of CVE-2020-14373 is medium with a CVSS score of 5.5.

What is the affected software for CVE-2020-14373?

The affected software for CVE-2020-14373 is Ghostscript 9.25 running on Redhat Enterprise Linux 7.0 and 8.0.

How can CVE-2020-14373 be fixed?

CVE-2020-14373 can be fixed by updating Ghostscript to version 9.26.

Vulnerability/
CVE-2020-14373

medium

5.5

CWE

416

27/8/2020

3/9/2020

4/8/2024

CVE-2020-14373: Use After Free

First published: Thu Aug 27 2020(Updated: )

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Artifex Ghostscript	=9.25
Redhat Enterprise Linux	=7.0
Redhat Enterprise Linux	=8.0

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=1873239

Remedy

https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ece5cbbd9979cd35737b00e68267762d72feb2ea;hp=1ef5f08f2c2e27efa978f0010669ff22355c385f

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-14373?
CVE-2020-14373 is a vulnerability that allows a local attacker to cause a denial of service in Ghostscript 9.25.
How does CVE-2020-14373 work?
CVE-2020-14373 is caused by a use after free vulnerability in igc_reloc_struct_ptr() of psi/igc.c in Ghostscript 9.25, which can be exploited by a specially crafted PDF file.
What is the severity of CVE-2020-14373?
The severity of CVE-2020-14373 is medium with a CVSS score of 5.5.
What is the affected software for CVE-2020-14373?
The affected software for CVE-2020-14373 is Ghostscript 9.25 running on Redhat Enterprise Linux 7.0 and 8.0.
How can CVE-2020-14373 be fixed?
CVE-2020-14373 can be fixed by updating Ghostscript to version 9.26.

collector/nvd-index
agent/type
agent/first-publish-date
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/references
agent/severity
agent/weakness
agent/author
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-14373
agent/software-canonical-lookup
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/artifex
canonical/artifex ghostscript
version/artifex ghostscript/9.25
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/7.0
version/redhat enterprise linux/8.0
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.