Your submission was sent successfully! Close

CVE-2020-27792

Published: 19 August 2022

A heap-based buffer over write vulnerability was found in GhostScript's lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a user to open a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.

Priority

Medium

CVSS 3 base score: 7.1

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
bionic
Released (9.26~dfsg+0-0ubuntu0.18.04.17)
focal
Released (9.50~dfsg-5ubuntu4.6)
jammy Not vulnerable
(9.55.0~dfsg1-0ubuntu5)
kinetic Not vulnerable

trusty Ignored
(out of standard support)
upstream
Released (9.51~dfsg-1)
xenial
Released (9.26~dfsg+0-0ubuntu0.16.04.14+esm4)
Patches:
upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7