{"id":"MGASA-2020-0344","summary":"Updated ghostscript packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\nA buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16287)\n\nA buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16288)\n\nA buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16289)\n\nA buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16290)\n\nA buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software\nGhostScript v9.50 allows a remote attacker to cause a denial of service via\na crafted PDF file. (CVE-2020-16291)\n\nA buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16292)\n\nA null pointer dereference vulnerability in\ncompose_group_nonknockout_nonblend_isolated_allmask_common()\nin base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote\nattacker to cause a denial of service via a crafted PDF file. (CVE-2020-16293)\n\nA buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16294)\n\nA null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16295)\n\nA buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16296)\n\nA buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16297)\n\nA buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16298)\n\nA Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16299)\n\nA buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16300)\n\nA buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16301)\n\nA buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to escalate\nprivileges via a crafted PDF file. (CVE-2020-16302)\n\nA use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c\nof Artifex Software GhostScript v9.50 allows a remote attacker\nto escalate privileges via a crafted PDF file. (CVE-2020-16303)\n\nA buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c\nof Artifex Software GhostScript v9.50 allows a remote attacker\nto escalate privileges via a crafted eps file. (CVE-2020-16304)\n\nA buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause \na denial of service via a crafted PDF file. (CVE-2020-16305)\n\nA null pointer dereference vulnerability in devices/gdevtsep.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted postscript file. (CVE-2020-16306)\n\nA null pointer dereference vulnerability in devices/vector/gdevtxtw.c\nand psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote \nattacker to cause a denial of service via a crafted postscript file.\n(CVE-2020-16307)\n\nA buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16308)\n\nA buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted eps file. (CVE-2020-16309)\n\nA division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16310)\n\nA buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c \nof Artifex Software GhostScript v9.50 allows a remote attacker\nto cause a denial of service via a crafted PDF file. (CVE-2020-17538)\n","modified":"2026-04-16T00:10:07.315071737Z","published":"2020-08-25T08:13:25Z","upstream":["CVE-2020-16287","CVE-2020-16288","CVE-2020-16289","CVE-2020-16290","CVE-2020-16291","CVE-2020-16292","CVE-2020-16293","CVE-2020-16294","CVE-2020-16295","CVE-2020-16296","CVE-2020-16297","CVE-2020-16298","CVE-2020-16299","CVE-2020-16300","CVE-2020-16301","CVE-2020-16302","CVE-2020-16303","CVE-2020-16304","CVE-2020-16305","CVE-2020-16306","CVE-2020-16307","CVE-2020-16308","CVE-2020-16309","CVE-2020-16310","CVE-2020-17538"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0344.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27169"},{"type":"WEB","url":"https://www.debian.org/lts/security/2020/dla-2335"}],"affected":[{"package":{"name":"ghostscript","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/ghostscript?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.27-1.6.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0344.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}