QwikSec

Security Database

CVE

CWE

Training

CVE-2020-15900

Published: Jul 28, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log

x_refsource_MISC

https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c

x_refsource_MISC

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b

x_refsource_MISC

https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b

x_refsource_MISC

https://artifex.com/security-advisories/CVE-2020-15900

x_refsource_CONFIRM

openSUSE-SU-2020:1142

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1146

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.