CVE-2020-16296: Buffer Overflow
First published: Thu Aug 13 2020(Updated: )
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ghostscript | <0:9.27-1.el8 | 0:9.27-1.el8 |
| Artifex Ghostscript | <9.52 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =20.04 | |
| redhat/ghostscript | <9.51 | 9.51 |
| debian/ghostscript | 9.53.3~dfsg-7+deb11u7 10.0.0~dfsg-11+deb12u4 10.0.0~dfsg-11+deb12u5 10.04.0~dfsg-1 |
Remedy
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134
Remedy
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-16296 https://nvd.nist.gov/vuln/detail/CVE-2020-16296
- https://bugzilla.redhat.com/show_bug.cgi?id=1870175
- https://access.redhat.com/errata/RHSA-2021:1852
- https://access.redhat.com/security/cve/cve-2020-16296
- https://bugs.ghostscript.com/show_bug.cgi?id=701792
- https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134
- https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html
- https://security.gentoo.org/glsa/202008-20
- https://usn.ubuntu.com/4469-1/
- https://www.debian.org/security/2020/dsa-4748
- https://launchpad.net/bugs/cve/CVE-2020-16296
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=9f39ed4a92578a020ae10459643e1fe72573d134
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1870176
- https://security-tracker.debian.org/tracker/CVE-2020-16296
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16296
- https://nvd.nist.gov/vuln/detail/CVE-2020-16296
- https://ubuntu.com/security/CVE-2020-16296
Frequently Asked Questions
What is CVE-2020-16296?
CVE-2020-16296 is a buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50.
How does CVE-2020-16296 impact me?
CVE-2020-16296 allows a remote attacker to cause a denial of service via a crafted PDF file.
What is the severity of CVE-2020-16296?
CVE-2020-16296 has a severity rating of 5.5 (medium).
How do I fix CVE-2020-16296?
To fix CVE-2020-16296, you need to update to Artifex Software GhostScript v9.51.
Where can I find more information about CVE-2020-16296?
You can find more information about CVE-2020-16296 at the following references: [link1], [link2], [link3].
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-16296
- agent/remedy
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- package-manager/redhat
- vendor/artifex
- canonical/artifex ghostscript
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/20.04
- package-manager/debian