A heap-based buffer over write vulnerability was found in GhostScript's lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a user to open a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. Reference: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7
Created ghostscript tracking bugs for this issue: Affects: fedora-all [bug 2250779]
Is there a particular reason why this CVE from 2020 is filed now? Why is it marked "Affects: fedora-all" if it is marked "Fixed In Version: ghostscript 9.27" at the same time? That version is from 2019, and we had it in Fedora 29 already.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:4362 https://access.redhat.com/errata/RHSA-2025:4362