Bug 2247179 (CVE-2020-27792) - CVE-2020-27792 ghostscript: heap buffer over write vulnerability in GhostScript's lp8000_print_page() in gdevlp8k.c
Keywords:
Status: NEW
Alias: CVE-2020-27792
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2250779
Blocks: 2247177
Reported: 2023-10-31 06:18 UTC by Rohit Keshri
Modified: 2023-12-19 05:45 UTC

Fixed In Version: ghostscript 9.27
Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Rohit Keshri 2023-10-31 06:18:15 UTC
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. An attacker could trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.

Reference:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7

Comment 4 Sandipan Roy 2023-11-21 06:00:23 UTC
Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 2250779]

Comment 5 Michael J Gruber 2023-11-21 20:45:40 UTC
Is there a particular reason why this CVE from 2020 is filed now?
Why is it marked "Affects: fedora-all" if it is marked "Fixed In Version: ghostscript 9.27" at the same time? That version is from 2019, and we had it in Fedora 29 already.

