CVE-2020-27792

Ghostscript: heap buffer over write vulnerability in ghostscript's lp8000_print_page() in gdevlp8k.c

Published: 8/19/2022 Last updated: 11/20/2025 Reserved: 10/27/2020

A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7.1	High	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Opam packages affected (1)

conf-ghostscript

Products affected (5)

Product	Vendor	Version
Red Hat Enterprise Linux 6	Red Hat	11.0.20 and earlier
Red Hat Enterprise Linux 7	Red Hat	Version 9.2.1.0 through 9.2.1.22, Version 9.4.0.0 through 9.4.0.13, Version 9.5.0.0 through 9.5.0.3
Red Hat Enterprise Linux 9	Red Hat	3.3.0 and earlier [fixed: 3.4.0 and later]
Red Hat Enterprise Linux 6	Red Hat	n/a
Red Hat Enterprise Linux 7	Red Hat	< fd4d8d139030dd2de97ef46d332673675ca8ad72

CVE-2020-27792

Ghostscript: heap buffer over write vulnerability in ghostscript's lp8000_print_page() in gdevlp8k.c

Metrics

Opam packages affected (1)

Products affected (5)

References (20)