MiracleLinux 8 : ghostscript-9.27-1.el8 (AXSA:2021-1898:02)

🗓️ 19 Jan 2026 00:00:00Reported by TenableType

Ghostscript use-after-free and buffer overflow DoS vulnerabilities (multiple CVEs) affect MiracleLinux 8.

Reporter	Title	Published	Views	Family All 590
Tenable Nessus	Amazon Linux 2 : ghostscript (ALAS-2023-2261)	20 Sep 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : ghostscript (ALAS-2023-2308)	20 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : ghostscript (ALAS-2023-1854)	6 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : ghostscript (ALAS-2023-1867)	25 Oct 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0141: ghostscript (ALINUX3-SA-2023:0141)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : ghostscript (ALSA-2021:1852)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : ghostscript (CESA-2021:1852)	19 May 202100:00	–	nessus
Tenable Nessus	CentOS 8 : ghostscript (CESA-2023:7053)	14 Nov 202300:00	–	nessus
Tenable Nessus	Debian DLA-2335-1 : ghostscript security update	21 Aug 202000:00	–	nessus
Tenable Nessus	Debian DSA-4748-1 : ghostscript - security update	26 Aug 202000:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/13080
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2021-1898:02.
##

include('compat.inc');

if (description)
{
  script_id(291744);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");

  script_cve_id(
    "CVE-2020-14373",
    "CVE-2020-16287",
    "CVE-2020-16288",
    "CVE-2020-16289",
    "CVE-2020-16290",
    "CVE-2020-16291",
    "CVE-2020-16292",
    "CVE-2020-16293",
    "CVE-2020-16294",
    "CVE-2020-16295",
    "CVE-2020-16296",
    "CVE-2020-16297",
    "CVE-2020-16298",
    "CVE-2020-16299",
    "CVE-2020-16300",
    "CVE-2020-16301",
    "CVE-2020-16302",
    "CVE-2020-16303",
    "CVE-2020-16304",
    "CVE-2020-16305",
    "CVE-2020-16306",
    "CVE-2020-16307",
    "CVE-2020-16308",
    "CVE-2020-16309",
    "CVE-2020-16310",
    "CVE-2020-17538"
  );

  script_name(english:"MiracleLinux 8 : ghostscript-9.27-1.el8 (AXSA:2021-1898:02)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2021-1898:02 advisory.

    * ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373)
      * ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS
    (CVE-2020-16287)
      * ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS
    (CVE-2020-16288)
      * ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS
    (CVE-2020-16290)
      * ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291)
      * ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS
    (CVE-2020-16292)
      * ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common()
    in base/gxblend.c could result in a DoS (CVE-2020-16293)
      * ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS
    (CVE-2020-16294)
      * ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS
    (CVE-2020-16295)
      * ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS
    (CVE-2020-16296)
      * ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS
    (CVE-2020-16297)
      * ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS
    (CVE-2020-16298)
      * ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a
    DoS (CVE-2020-16299)
      * ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS
    (CVE-2020-16300)
      * ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS
    (CVE-2020-16301)
      * ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a
    privilege escalation (CVE-2020-16302)
      * ghostscript: use-after-free in xps_finish_image_path() in devices/vector/gdevxps.c could result in a
    privilege escalation (CVE-2020-16303)
      * ghostscript: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS
    (CVE-2020-16304)
      * ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306)
      * ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a
    DoS (CVE-2020-16307)
      * ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS
    (CVE-2020-16308)
      * ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS
    (CVE-2020-16309)
      * ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS
    (CVE-2020-16310)
      * ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS
    (CVE-2020-17538)
      * ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS
    (CVE-2020-16289)
      * ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS
    (CVE-2020-16305)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/13080");
  script_set_attribute(attribute:"solution", value:
"Update the affected ghostscript, ghostscript-x11 and / or libgs packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-16303");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/08/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:ghostscript");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:ghostscript-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libgs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:8");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^8([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 8.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '8',
    'pkgs': [
      {'reference':'ghostscript-9.27-1.el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'ghostscript-x11-9.27-1.el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libgs-9.27-1.el8', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libgs-9.27-1.el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ghostscript / ghostscript-x11 / libgs');
}

19 Jan 2026 00:00Current

6Medium risk

Vulners AI Score6

CVSS 26.8

CVSS 3.17.8

EPSS0.02807