Vulnerability Details : CVE-2020-27792
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Products affected by CVE-2020-27792
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-27792
- 0.07%: Probability of exploitation activity in the next 30 days
- ~ 29 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-27792
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 1.8 | 5.2 | NIST | |
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 1.8 | 5.2 | Red Hat, Inc. | |
CWE ids for CVE-2020-27792
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary), secalert@redhat.com (Secondary)
- A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
  Assigned by: secalert@redhat.com (Secondary)
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
  Assigned by: secalert@redhat.com (Secondary)
References for CVE-2020-27792
- https://access.redhat.com/security/cve/CVE-2020-27792
  CVE-2020-27792 - Red Hat Customer Portal
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7
- https://bugs.ghostscript.com/show_bug.cgi?id=701844
  Exploit; Issue Tracking; Patch; Vendor Advisory
- https://lists.debian.org/debian-lts-announce/2022/09/msg00005.html
  [SECURITY] [DLA 3096-1] ghostscript security update
  Mailing List; Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2247179
  2247179 – (CVE-2020-27792) CVE-2020-27792 ghostscript: heap buffer over write vulnerability in GhostScript's lp8000_print_page() in gdevlp8k.c
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7
  git.ghostscript.com Git