First published: Thu Aug 13 2020(Updated: )
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ghostscript | <0:9.27-1.el8 | 0:9.27-1.el8 |
Artifex Ghostscript | =9.50 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
redhat/ghostscript | <9.51 | 9.51 |
debian/ghostscript | 9.53.3~dfsg-7+deb11u7 10.0.0~dfsg-11+deb12u4 10.0.0~dfsg-11+deb12u5 10.04.0~dfsg-1 |
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-16306 is a null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50.
CVE-2020-16306 allows a remote attacker to cause a denial of service via a crafted postscript file.
CVE-2020-16306 has a severity level of medium (5.5).
CVE-2020-16306 is fixed in GhostScript v9.51.
You can find more information about CVE-2020-16306 at the following references: [Reference 1](http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804), [Reference 2](https://bugs.ghostscript.com/show_bug.cgi?id=701821), [Reference 3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1870166).