CVE-2020-16300: Buffer Overflow
First published: Thu Aug 13 2020(Updated: )
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ghostscript | <0:9.27-1.el8 | 0:9.27-1.el8 |
| redhat/ghostscript | <9.51 | 9.51 |
| Ghostscript | <9.52 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =20.04 | |
| debian/ghostscript | 9.53.3~dfsg-7+deb11u7 9.53.3~dfsg-7+deb11u10 10.0.0~dfsg-11+deb12u6 10.0.0~dfsg-11+deb12u7 10.05.0~dfsg-1 |
Remedy
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Remedy
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-16300 https://nvd.nist.gov/vuln/detail/CVE-2020-16300
- https://bugzilla.redhat.com/show_bug.cgi?id=1870169
- https://access.redhat.com/errata/RHSA-2021:1852
- https://access.redhat.com/security/cve/cve-2020-16300
- https://bugs.ghostscript.com/show_bug.cgi?id=701807
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e
- https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html
- https://security.gentoo.org/glsa/202008-20
- https://usn.ubuntu.com/4469-1/
- https://www.debian.org/security/2020/dsa-4748
- https://launchpad.net/bugs/cve/CVE-2020-16300
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=714e8995cd582d418276915cbbec3c70711fb19e
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1870170
- https://security-tracker.debian.org/tracker/CVE-2020-16300
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16300
- https://nvd.nist.gov/vuln/detail/CVE-2020-16300
- https://ubuntu.com/security/CVE-2020-16300
Frequently Asked Questions
What is CVE-2020-16300?
CVE-2020-16300 is a buffer overflow vulnerability in Artifex Software GhostScript v9.50 that allows a remote attacker to cause a denial of service via a crafted PDF file.
What is the severity of CVE-2020-16300?
The severity of CVE-2020-16300 is medium, with a severity value of 5.5.
How can I fix CVE-2020-16300?
You can fix CVE-2020-16300 by updating to version 9.51 of Artifex Software GhostScript.
Where can I find more information about CVE-2020-16300?
You can find more information about CVE-2020-16300 at the following references: [link1], [link2], [link3].
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-16300
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/author
- agent/last-modified-date
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/artifex
- canonical/ghostscript
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/20.04
- package-manager/debian