CVE-2020-16303

2020-08-1303:15:13

Alpine Linux Development Team

security.alpinelinux.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.

OSVersionArchitecturePackageVersionFilename
Alpineedge-mainnoarchghostscript< 9.51-r0UNKNOWN
Alpine3.13-mainnoarchghostscript< 9.51-r0UNKNOWN
Alpine3.14-mainnoarchghostscript< 9.51-r0UNKNOWN
Alpine3.15-mainnoarchghostscript< 9.51-r0UNKNOWN
Alpine3.16-mainnoarchghostscript< 9.51-r0UNKNOWN
Alpine3.17-mainnoarchghostscript< 9.51-r0UNKNOWN
Alpine3.18-mainnoarchghostscript< 9.51-r0UNKNOWN
Alpine3.19-mainnoarchghostscript< 9.51-r0UNKNOWN
Alpine3.20-mainnoarchghostscript< 9.51-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-main	noarch	ghostscript	< 9.51-r0	UNKNOWN
Alpine	3.13-main	noarch	ghostscript	< 9.51-r0	UNKNOWN
Alpine	3.14-main	noarch	ghostscript	< 9.51-r0	UNKNOWN
Alpine	3.15-main	noarch	ghostscript	< 9.51-r0	UNKNOWN
Alpine	3.16-main	noarch	ghostscript	< 9.51-r0	UNKNOWN
Alpine	3.17-main	noarch	ghostscript	< 9.51-r0	UNKNOWN
Alpine	3.18-main	noarch	ghostscript	< 9.51-r0	UNKNOWN
Alpine	3.19-main	noarch	ghostscript	< 9.51-r0	UNKNOWN
Alpine	3.20-main	noarch	ghostscript	< 9.51-r0	UNKNOWN