First published: Thu Aug 13 2020(Updated: )
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ghostscript | <0:9.27-1.el8 | 0:9.27-1.el8 |
Artifex Ghostscript | <9.52 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
redhat/ghostscript | <9.51 | 9.51 |
debian/ghostscript | 9.53.3~dfsg-7+deb11u7 10.0.0~dfsg-11+deb12u4 10.0.0~dfsg-11+deb12u5 10.04.0~dfsg-1 |
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-16290.
The severity of CVE-2020-16290 is medium with a severity value of 5.5.
CVE-2020-16290 allows a remote attacker to cause a denial of service in Artifex Software GhostScript v9.50 through a crafted PDF file.
The buffer overflow vulnerability CVE-2020-16290 can be fixed by updating Artifex Software GhostScript to v9.51.
Yes, the references for CVE-2020-16290 are: [1](http://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d), [2](https://bugs.ghostscript.com/show_bug.cgi?id=701786), [3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1870150).