CVE-2020-21890 : Buffer Overflow vulnerability in clj_media

Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.

Published 2023-08-22 19:16:19

Updated 2023-09-25 15:15:10

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionDenial of service

Products affected by CVE-2020-21890

Artifex » Ghostscript » Version: 9.50
cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-21890

EPSS FAQ

1.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-21890

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-21890

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-21890

https://bugs.ghostscript.com/show_bug.cgi?id=701846

701846 – heap-buffer-overflow at devices/gdevclj.c:278 in clj_media_size
Exploit;Issue Tracking;Patch;Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/09/msg00029.html

[SECURITY] [DLA 3582-1] ghostscript security update

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-21890

Products affected by CVE-2020-21890

Exploit prediction scoring system (EPSS) score for CVE-2020-21890

CVSS scores for CVE-2020-21890

CWE ids for CVE-2020-21890

References for CVE-2020-21890