Vulnerability Description
A heap-based buffer overwrite vulnerability was found in Ghostscript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artifex | Ghostscript | <= 9.50 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2025:4362
- https://access.redhat.com/security/cve/CVE-2020-27792
- https://bugzilla.redhat.com/show_bug.cgi?id=2247179
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9
- https://bugs.ghostscript.com/show_bug.cgi?id=701844
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4f6bc662909ab79e8
- https://lists.debian.org/debian-lts-announce/2022/09/msg00005.html
FAQ
What is CVE-2020-27792?
CVE-2020-27792 is a vulnerability with a CVSS score of 7.1 (HIGH). A heap-based buffer overwrite vulnerability was found in Ghostscript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file...
How severe is CVE-2020-27792?
CVE-2020-27792 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-27792?
Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostscript, Debian Debian Linux.