VDB
CVE-2020-15900
CVE-2020-15900
PUBLISHED
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
EPSS 21.70% · 95.9th percentile
Risk Scores
EPSS Score
21.70%
95.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | ghostscript | 0, 9.27~dfsg+0-0ubuntu4, 9.50~dfsg-5ubuntu1 |
Timeline
- Jul 28, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Aug 4, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 4, 2025 EPSS Score
- May 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-15900 third-party-advisory
- https://artifex.com/security-advisories/CVE-2020-15900 third-party-advisory
- https://ubuntu.com/security/notices/USN-4445-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-15900 third-party-advisory