Amazon ALAS-2023-1835

Sep 13, 2023 - 11:15 p.m.

Important: ghostscript

2023-09-13 23:15:00
alas.aws.amazon.com

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 33.8%

Issue Overview:

Buffer overflow vulnerability in the clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of a crafted PDF document. (CVE-2020-21890)

Affected Packages:

ghostscript

Issue Correction:
Run yum update ghostscript to update your system.

New Packages:

i686:  
    ghostscript-debuginfo-8.70-24.30.amzn1.i686  
    ghostscript-8.70-24.30.amzn1.i686  
    ghostscript-devel-8.70-24.30.amzn1.i686  
    ghostscript-doc-8.70-24.30.amzn1.i686  
  
src:  
    ghostscript-8.70-24.30.amzn1.src  
  
x86_64:  
    ghostscript-debuginfo-8.70-24.30.amzn1.x86_64  
    ghostscript-doc-8.70-24.30.amzn1.x86_64  
    ghostscript-8.70-24.30.amzn1.x86_64  
    ghostscript-devel-8.70-24.30.amzn1.x86_64  

Additional References

Red Hat: CVE-2020-21890

Mitre: CVE-2020-21890
