PublicDateAtUSN: 2020-08-13 03:15:00 UTC
Candidate: CVE-2020-16288
PublicDate: 2020-08-13 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16288
 https://ubuntu.com/security/notices/USN-4469-1
Description:
 A buffer overflow vulnerability in pj_common_print_page() in
 devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote
 attacker to cause a denial of service via a crafted PDF file. This is fixed
 in v9.51.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.ghostscript.com/show_bug.cgi?id=701791
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_ghostscript:
 upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f
upstream_ghostscript: released (9.51~dfsg-1)
precise/esm_ghostscript: DNE
trusty_ghostscript: ignored (out of standard support)
trusty/esm_ghostscript: DNE
xenial_ghostscript: not-affected (code not present)
esm-infra/xenial_ghostscript: not-affected (code not present)
bionic_ghostscript: released (9.26~dfsg+0-0ubuntu0.18.04.13)
focal_ghostscript: released (9.50~dfsg-5ubuntu4.2)
devel_ghostscript: not-affected (9.51~dfsg-1)