Professional OVAL Repository
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:139052
Version
3
Class
patch
ALTXid
335207
Language
English
Severity
High
Title
DSA-4748-1 -- ghostscript -- security update
Description
Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.
Family
unix
Platform
Debian 10
Product
ghostscript
Reference
VENDOR: DSA-4748-1
Id:
DSA-4748-1
Reference:
https://www.debian.org/security/dsa-4748
CVE: CVE-2020-16287
Id:
CVE-2020-16287
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16287
Comment:
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701785 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=450da26a76286a8342ec0864b3d113856709f8f6 ()
CVE: CVE-2020-16288
Id:
CVE-2020-16288
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16288
Comment:
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701791 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
http://git.ghostscript.com/?p=ghostpdl.git%3Bh=aba3375ac24f8e02659d9b1eb9093909618cdb9f ()
CVE: CVE-2020-16289
Id:
CVE-2020-16289
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16289
Comment:
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701788 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=d31e25ed5b130499e0d880e4609b1b4824699768 ()
CVE: CVE-2020-16290
Id:
CVE-2020-16290
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16290
Comment:
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701786 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
http://git.ghostscript.com/?p=ghostpdl.git%3Bh=93cb0c0adbd9bcfefd021d59c472388f67d3300d ()
CVE: CVE-2020-16291
Id:
CVE-2020-16291
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16291
Comment:
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701787 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
http://git.ghostscript.com/?p=ghostpdl.git%3Bh=4f73e8b4d578e69a17f452fa60d2130c5faaefd6 ()
CVE: CVE-2020-16292
Id:
CVE-2020-16292
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16292
Comment:
A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701793 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=863ada11f9a942a622a581312e2be022d9e2a6f7 ()
CVE: CVE-2020-16293
Id:
CVE-2020-16293
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16293
Comment:
A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701795 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7870f4951bcc6a153f317e3439e14d0e929fd231 ()
CVE: CVE-2020-16294
Id:
CVE-2020-16294
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16294
Comment:
A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701794 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=89f58f1aa95b3482cadf6977da49457194ee5358 ()
CVE: CVE-2020-16295
Id:
CVE-2020-16295
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16295
Comment:
A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701796 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
http://git.ghostscript.com/?p=ghostpdl.git%3Bh=2c2dc335c212750e0fb8ae157063bc06cafa8d3e ()
CVE: CVE-2020-16296
Id:
CVE-2020-16296
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16296
Comment:
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701792 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=9f39ed4a92578a020ae10459643e1fe72573d134 ()
CVE: CVE-2020-16297
Id:
CVE-2020-16297
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16297
Comment:
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701800 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39 ()
CVE: CVE-2020-16298
Id:
CVE-2020-16298
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16298
Comment:
A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701799 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=849e74e5ab450dd581942192da7101e0664fa5af ()
CVE: CVE-2020-16299
Id:
CVE-2020-16299
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16299
Comment:
A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
369 (Divide By Zero)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701801 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=4fcbece46870 ()
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2 ()
CVE: CVE-2020-16300
Id:
CVE-2020-16300
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16300
Comment:
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701807 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=714e8995cd582d418276915cbbec3c70711fb19e ()
CVE: CVE-2020-16301
Id:
CVE-2020-16301
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16301
Comment:
A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701808 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc ()
CVE: CVE-2020-16302
Id:
CVE-2020-16302
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16302
Comment:
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701815 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=366ad48d076c1aa4c8f83c65011258a04e348207 ()
CVE: CVE-2020-16303
Id:
CVE-2020-16303
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16303
Comment:
A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701818 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=94d8955cb77 ()
CVE: CVE-2020-16304
Id:
CVE-2020-16304
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16304
Comment:
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701816 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=027c546e0dd11e0526f1780a7f3c2c66acffe209 ()
CVE: CVE-2020-16305
Id:
CVE-2020-16305
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16305
Comment:
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701819 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2793769ff107d8d22dadd30c6e68cd781b569550 ()
CVE: CVE-2020-16306
Id:
CVE-2020-16306
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16306
Comment:
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701821 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=aadb53eb834b3def3ef68d78865ff87a68901804 ()
CVE: CVE-2020-16307
Id:
CVE-2020-16307
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16307
Comment:
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701822 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=407c98a38c3a6ac1681144ed45cc2f4fc374c91f ()
CVE: CVE-2020-16308
Id:
CVE-2020-16308
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16308
Comment:
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701829 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=af004276fd8f6c305727183c159b83021020f7d6 ()
CVE: CVE-2020-16309
Id:
CVE-2020-16309
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16309
Comment:
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701827 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6f7464dddc689386668a38b92dfd03cc1b38a10 ()
CVE: CVE-2020-16310
Id:
CVE-2020-16310
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16310
Comment:
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
369 (Divide By Zero)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701828 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=eaba1d97b62831b42c51840cc8ee2bc4576c942e ()
CVE: CVE-2020-17538
Id:
CVE-2020-17538
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17538
Comment:
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugs.ghostscript.com/show_bug.cgi?id=701792 (MISC)
[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update (MLIST)
DSA-4748 (DEBIAN)
GLSA-202008-20 (GENTOO)
USN-4469-1 (UBUNTU)
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=9f39ed4a92578a020ae10459643e1fe72573d134 ()