CVE-2020-16307 - A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex So

CVE-2020-16307

Summary

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.

References

Vulnerable Configurations

cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

CVSS

Base:	4.3 (as of 29-06-2022 - 19:55)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

debian	DSA-4748
gentoo	GLSA-202008-20
misc	http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f https://bugs.ghostscript.com/show_bug.cgi?id=701822
mlist	[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update
ubuntu	USN-4469-1

Last major update

29-06-2022 - 19:55

Published

13-08-2020 - 03:15

Last modified

29-06-2022 - 19:55