CVE-2020-27792

Summary

CVE	CVE-2020-27792
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-08-19 23:15:00 UTC
Updated	2023-12-19 06:15:00 UTC
Description	A heap-based buffer over write vulnerability was found in GhostScript's lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a user to open a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Artifex	Ghostscript	All	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All

References

Reference	Source	Link	Tags
701844 – heap-buffer-overflow at devices/gdevlp8k.c:330 in lp8000_print_page	MISC	bugs.ghostscript.com
[SECURITY] [DLA 3096-1] ghostscript security update	MLIST	lists.debian.org
git.ghostscript.com Git - ghostpdl.git/commitdiff	MISC	git.ghostscript.com
git.ghostscript.com Git - ghostpdl.git/commitdiff		git.ghostscript.com
2247179 – (CVE-2020-27792) CVE-2020-27792 ghostscript: heap buffer over write vulnerability in GhostScript's lp8000_print_page() in gdevlp8k.c		bugzilla.redhat.com
cve-details		access.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

180991 Debian Security Update for ghostscript (DLA 3096-1)
198965 Ubuntu Security Notification for Ghostscript Vulnerabilities (USN-5643-1)
354776 Amazon Linux Security Advisory for ghostscript : ALAS2-2023-1947
354856 Amazon Linux Security Advisory for ghostscript : ALAS-2023-1725
355071 Amazon Linux Security Advisory for ghostscript : AL2012-2023-395
673099 EulerOS Security Update for ghostscript (EulerOS-SA-2023-2144)