Out-of-bounds write in Ghostscript

#VU45846 Out-of-bounds write in Ghostscript

Published: 2020-08-13 | Updated: 2020-08-26

Vulnerability identifier: #VU45846

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-16304

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Ghostscript
Universal components / Libraries / Libraries used by multiple products

Vendor: Artifex Software, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to execute arbitrary code on the system via a crafted eps file.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Ghostscript: 9.50

External links
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209
http://bugs.ghostscript.com/show_bug.cgi?id=701816
http://lists.debian.org/debian-lts-announce/2020/08/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 8 update for ghostscript

Out-of-bounds write in ghostscript (Alpine package)

Gentoo update for GPL Ghostscript

Debian update for ghostscript

Multiple vulnerabilities in Ghostscript