Important: ghostscript

2023-09-1323:15:00

alas.aws.amazon.com

buffer overflow

ghostscript

pdf

update

cve-2020-21890

red hat

mitre

unix

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

34.0%

JSON

Issue Overview:

Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. (CVE-2020-21890)

Affected Packages:

ghostscript

Issue Correction:
Run yum update ghostscript to update your system.

New Packages:

i686:  
    ghostscript-debuginfo-8.70-24.30.amzn1.i686  
    ghostscript-8.70-24.30.amzn1.i686  
    ghostscript-devel-8.70-24.30.amzn1.i686  
    ghostscript-doc-8.70-24.30.amzn1.i686  
  
src:  
    ghostscript-8.70-24.30.amzn1.src  
  
x86_64:  
    ghostscript-debuginfo-8.70-24.30.amzn1.x86_64  
    ghostscript-doc-8.70-24.30.amzn1.x86_64  
    ghostscript-8.70-24.30.amzn1.x86_64  
    ghostscript-devel-8.70-24.30.amzn1.x86_64

Additional References

Red Hat: CVE-2020-21890

Mitre: CVE-2020-21890

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686ghostscript-debuginfo< 8.70-24.30.amzn1ghostscript-debuginfo-8.70-24.30.amzn1.i686.rpm
Amazon Linux1i686ghostscript< 8.70-24.30.amzn1ghostscript-8.70-24.30.amzn1.i686.rpm
Amazon Linux1i686ghostscript-devel< 8.70-24.30.amzn1ghostscript-devel-8.70-24.30.amzn1.i686.rpm
Amazon Linux1i686ghostscript-doc< 8.70-24.30.amzn1ghostscript-doc-8.70-24.30.amzn1.i686.rpm
Amazon Linux1x86_64ghostscript-debuginfo< 8.70-24.30.amzn1ghostscript-debuginfo-8.70-24.30.amzn1.x86_64.rpm
Amazon Linux1x86_64ghostscript-doc< 8.70-24.30.amzn1ghostscript-doc-8.70-24.30.amzn1.x86_64.rpm
Amazon Linux1x86_64ghostscript< 8.70-24.30.amzn1ghostscript-8.70-24.30.amzn1.x86_64.rpm
Amazon Linux1x86_64ghostscript-devel< 8.70-24.30.amzn1ghostscript-devel-8.70-24.30.amzn1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	ghostscript-debuginfo	< 8.70-24.30.amzn1	ghostscript-debuginfo-8.70-24.30.amzn1.i686.rpm
Amazon Linux	1	i686	ghostscript	< 8.70-24.30.amzn1	ghostscript-8.70-24.30.amzn1.i686.rpm
Amazon Linux	1	i686	ghostscript-devel	< 8.70-24.30.amzn1	ghostscript-devel-8.70-24.30.amzn1.i686.rpm
Amazon Linux	1	i686	ghostscript-doc	< 8.70-24.30.amzn1	ghostscript-doc-8.70-24.30.amzn1.i686.rpm
Amazon Linux	1	x86_64	ghostscript-debuginfo	< 8.70-24.30.amzn1	ghostscript-debuginfo-8.70-24.30.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	ghostscript-doc	< 8.70-24.30.amzn1	ghostscript-doc-8.70-24.30.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	ghostscript	< 8.70-24.30.amzn1	ghostscript-8.70-24.30.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	ghostscript-devel	< 8.70-24.30.amzn1	ghostscript-devel-8.70-24.30.amzn1.x86_64.rpm