Vulnerability-Lookup

CVE-2020-14373 (GCVE-0-2020-14373)

Vulnerability from cvelistv5 – Published: 2020-09-03 17:54 – Updated: 2024-08-04 12:46

Summary

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.

Severity ?

No CVSS data available.

CWE

CWE-416 - Use After Free CWE-416

Assigner

redhat

References

URL

	Vendor	Product	Version
	n/a	ghostscript	Affected: 9.25

CVE-2020-14373

Vulnerability from osv_almalinux

Published

2021-05-18 06:14

Modified

2021-11-12 10:20

Summary

Moderate: ghostscript security, bug fix, and enhancement update

Details

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

The following packages have been upgraded to a later upstream version: ghostscript (9.27). (BZ#1874523)

Security Fix(es):

ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373)
ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287)
ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288)
ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS (CVE-2020-16290)
ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291)
ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292)
ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS (CVE-2020-16293)
ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294)
ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS (CVE-2020-16295)
ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296)
ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297)
ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298)
ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299)
ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300)
ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301)
ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302)
ghostscript: use-after-free in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation (CVE-2020-16303)
ghostscript: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS (CVE-2020-16304)
ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306)
ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS (CVE-2020-16307)
ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS (CVE-2020-16308)
ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS (CVE-2020-16309)
ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS (CVE-2020-16310)
ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-17538)
ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS (CVE-2020-16289)
ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "ghostscript"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.27-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "ghostscript-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.27-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "ghostscript-tools-dvipdf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.27-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "ghostscript-tools-fonts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.27-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "ghostscript-tools-printing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.27-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "ghostscript-x11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.27-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libgs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.27-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libgs-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.27-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.\n\nThe following packages have been upgraded to a later upstream version: ghostscript (9.27). (BZ#1874523)\n\nSecurity Fix(es):\n\n* ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373)\n\n* ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287)\n\n* ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288)\n\n* ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS (CVE-2020-16290)\n\n* ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291)\n\n* ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292)\n\n* ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS (CVE-2020-16293)\n\n* ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294)\n\n* ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS (CVE-2020-16295)\n\n* ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296)\n\n* ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297)\n\n* ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298)\n\n* ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299)\n\n* ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300)\n\n* ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301)\n\n* ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302)\n\n* ghostscript: use-after-free in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation (CVE-2020-16303)\n\n* ghostscript: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS (CVE-2020-16304)\n\n* ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306)\n\n* ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS (CVE-2020-16307)\n\n* ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS (CVE-2020-16308)\n\n* ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS (CVE-2020-16309)\n\n* ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS (CVE-2020-16310)\n\n* ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-17538)\n\n* ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS (CVE-2020-16289)\n\n* ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16305)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2021:1852",
  "modified": "2021-11-12T10:20:56Z",
  "published": "2021-05-18T06:14:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2021-1852.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14373"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16287"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16288"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16289"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16290"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16291"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16292"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16293"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16294"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16295"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16296"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16297"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16298"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16299"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16300"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16301"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16302"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16303"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16304"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16305"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16306"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16307"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16308"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16309"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-16310"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-17538"
    }
  ],
  "related": [
    "CVE-2020-14373",
    "CVE-2020-16287",
    "CVE-2020-16288",
    "CVE-2020-16290",
    "CVE-2020-16291",
    "CVE-2020-16292",
    "CVE-2020-16293",
    "CVE-2020-16294",
    "CVE-2020-16295",
    "CVE-2020-16296",
    "CVE-2020-16297",
    "CVE-2020-16298",
    "CVE-2020-16299",
    "CVE-2020-16300",
    "CVE-2020-16301",
    "CVE-2020-16302",
    "CVE-2020-16303",
    "CVE-2020-16304",
    "CVE-2020-16306",
    "CVE-2020-16307",
    "CVE-2020-16308",
    "CVE-2020-16309",
    "CVE-2020-16310",
    "CVE-2020-17538",
    "CVE-2020-16289",
    "CVE-2020-16305"
  ],
  "summary": "Moderate: ghostscript security, bug fix, and enhancement update"
}

GSD-2020-14373

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.

Aliases

CVE-2020-14373

Aliases

CVE-2020-14373

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-14373",
    "description": "A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.",
    "id": "GSD-2020-14373",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-14373.html",
      "https://access.redhat.com/errata/RHSA-2021:1852",
      "https://linux.oracle.com/cve/CVE-2020-14373.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-14373"
      ],
      "details": "A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.",
      "id": "GSD-2020-14373",
      "modified": "2023-12-13T01:21:59.595321Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2020-14373",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ghostscript",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "9.25"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use After Free CWE-416"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ece5cbbd9979cd35737b00e68267762d72feb2ea;hp=1ef5f08f2c2e27efa978f0010669ff22355c385f",
            "refsource": "MISC",
            "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ece5cbbd9979cd35737b00e68267762d72feb2ea;hp=1ef5f08f2c2e27efa978f0010669ff22355c385f"
          },
          {
            "name": "https://bugs.ghostscript.com/show_bug.cgi?id=702851",
            "refsource": "MISC",
            "url": "https://bugs.ghostscript.com/show_bug.cgi?id=702851"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1873239",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873239"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-14373"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ece5cbbd9979cd35737b00e68267762d72feb2ea;hp=1ef5f08f2c2e27efa978f0010669ff22355c385f",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ece5cbbd9979cd35737b00e68267762d72feb2ea;hp=1ef5f08f2c2e27efa978f0010669ff22355c385f"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1873239",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873239"
            },
            {
              "name": "https://bugs.ghostscript.com/show_bug.cgi?id=702851",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://bugs.ghostscript.com/show_bug.cgi?id=702851"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-09-10T14:46Z",
      "publishedDate": "2020-09-03T18:15Z"
    }
  }
}

GHSA-QPGP-38Q3-X9PP

Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2022-05-24 17:27

Details

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-14373"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-03T18:15:00Z",
    "severity": "LOW"
  },
  "details": "A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.",
  "id": "GHSA-qpgp-38q3-x9pp",
  "modified": "2022-05-24T17:27:17Z",
  "published": "2022-05-24T17:27:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14373"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=702851"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873239"
    },
    {
      "type": "WEB",
      "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ece5cbbd9979cd35737b00e68267762d72feb2ea;hp=1ef5f08f2c2e27efa978f0010669ff22355c385f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2020-14373

Vulnerability from fkie_nvd - Published: 2020-09-03 18:15 - Updated: 2024-11-21 05:03

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.

References

URL	Tags
secalert@redhat.com	https://bugs.ghostscript.com/show_bug.cgi?id=702851	Exploit, Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1873239	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=ece5cbbd9979cd35737b00e68267762d72feb2ea%3Bhp=1ef5f08f2c2e27efa978f0010669ff22355c385f
af854a3a-2127-422b-91ae-364da2661108	https://bugs.ghostscript.com/show_bug.cgi?id=702851	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1873239	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=ece5cbbd9979cd35737b00e68267762d72feb2ea%3Bhp=1ef5f08f2c2e27efa978f0010669ff22355c385f

Impacted products

Vendor	Product	Version
artifex	ghostscript	9.25
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C134B512-ABDC-4740-96F0-5BC4FB80B093",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un uso de la memoria previamente liberada en la funci\u00f3n  igc_reloc_struct_ptr() del archivo psi/igc.c de ghostscript-9.25.\u0026#xa0;Un atacante local podr\u00eda suministrar un archivo PDF especialmente dise\u00f1ado para causar una denegaci\u00f3n de servicio"
    }
  ],
  "id": "CVE-2020-14373",
  "lastModified": "2024-11-21T05:03:07.160",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-03T18:15:13.303",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=702851"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873239"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=ece5cbbd9979cd35737b00e68267762d72feb2ea%3Bhp=1ef5f08f2c2e27efa978f0010669ff22355c385f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=702851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=ece5cbbd9979cd35737b00e68267762d72feb2ea%3Bhp=1ef5f08f2c2e27efa978f0010669ff22355c385f"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-14373 (GCVE-0-2020-14373)

CVE-2020-14373

Vulnerability from osv_almalinux

GSD-2020-14373

GHSA-QPGP-38Q3-X9PP

FKIE_CVE-2020-14373

Tags

Sightings

Nomenclature