{"id":"CVE-2020-15900","details":"A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.","modified":"2026-04-02T04:48:46.947406Z","published":"2020-07-28T16:15:12.840Z","related":["SUSE-SU-2020:2095-1","SUSE-SU-2020:2097-1","openSUSE-SU-2020:1142-1","openSUSE-SU-2020:1146-1","openSUSE-SU-2024:10783-1"],"references":[{"type":"WEB","url":"https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b"},{"type":"WEB","url":"http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html"},{"type":"ADVISORY","url":"https://artifex.com/security-advisories/CVE-2020-15900"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202008-20"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4445-1/"},{"type":"FIX","url":"https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b"},{"type":"FIX","url":"https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/artifexsoftware/ghostpdl","events":[{"introduced":"0"},{"fixed":"5d499272b95a6b890a1397e11d20937de000d31b"}]},{"type":"GIT","repo":"https://github.com/artifexsoftware/ghostpdl","events":[{"introduced":"0"},{"fixed":"5d499272b95a6b890a1397e11d20937de000d31b"}]}],"versions":["chrisl-test","ghostpdl","ghostpdl-1.53","ghostpdl-1.54","ghostpdl-8.70","ghostpdl-8.71","ghostpdl-9.00","ghostpdl-9.01","ghostpdl-9.02","ghostpdl-9.03","ghostpdl-9.04","ghostpdl-9.05","ghostpdl-9.06","ghostpdl-9.07","ghostpdl-9.07rc1","ghostpdl-9.08","ghostpdl-9.08rc1","ghostpdl-9.09","ghostpdl-9.09rc1","ghostpdl-9.10","ghostpdl-9.10rc1","ghostpdl-9.12","ghostpdl-9.12rc1","ghostpdl-9.12rc2","ghostpdl-9.14","ghostpdl-9.15","ghostpdl-9.15rc1","ghostpdl-9.15rc2","ghostpdl-9.16","ghostpdl-9.16rc1","ghostpdl-9.16rc2","ghostpdl-9.17","ghostpdl-9.18","ghostpdl-9.18rc1","ghostpdl-9.18rc2","ghostpdl-9.19","ghostpdl-9.19rc1","ghostpdl-9.20","ghostpdl-9.20-regression-test","ghostpdl-9.20rc1","ghostpdl-9.20rc2","ghostpdl-9.21","ghostpdl-9.21rc1","ghostpdl-9.21rc2","ghostpdl-9.22","ghostpdl-9.22rc1","ghostpdl-9.22rc2","ghostpdl-9.23","ghostpdl-9.23rc1","ghostpdl-9.23rc2","ghostpdl-9.23rc3","ghostpdl-9.24","ghostpdl-9.24rc1","ghostpdl-9.24rc2","ghostpdl-9.24rc3","ghostpdl-9.25","ghostpdl-9.25_scanconvfixes","ghostpdl-9.25rc1","ghostpdl-9.26","ghostpdl-9.26a","ghostpdl-9.26rc1","ghostpdl-9.27","ghostpdl-9.27rc1","ghostpdl-9.27rc1_release_tests_001","ghostpdl-9.27rc1_release_tests_002","ghostpdl-9.27rc1_release_tests_003","ghostpdl-9.28rc1","ghostpdl-9.28rc2","ghostpdl-9.28rc3","ghostpdl-9.28rc4","ghostpdl-9.50","ghostpdl-9.51","ghostpdl-9.51rc1","ghostpdl-9.51rc2","ghostpdl-9.51rc2_test","ghostpdl-9.51rc2_test2","ghostpdl-9.51rc3","ghostpdl-9.52","ghostpdl-9.52-test-base-1","ghostpdl-9.52-test-base-2","ghostpdl-9.52-test-base-3","ghostpdl-9.52-test-base-4","ghostpdl-9.52-test-base-5","ghostpdl-9.52-test-base-6","ghostpdl-9.52.1","ghostpdl-ebuild","ghostscript-6.0","ghostscript-6.01","ghostscript-6.20","ghostscript-6.21","ghostscript-6.22","ghostscript-6.23","ghostscript-6.30","ghostscript-6.31","ghostscript-6.32","ghostscript-6.50","ghostscript-6.60","ghostscript-6.61","ghostscript-6.62","ghostscript-6.63","ghostscript-6.64","ghostscript-7.00","ghostscript-7.02","ghostscript-7.03","ghostscript-7.04","ghostscript-7.20","ghostscript-7.21","ghostscript-7.22","ghostscript-7.30","ghostscript-7.31","ghostscript-7.32","ghostscript-7.33","ghostscript-8.00","ghostscript-8.01","ghostscript-8.10","ghostscript-8.11","ghostscript-8.12","ghostscript-8.13","ghostscript-8.14","ghostscript-8.15","ghostscript-8.30","ghostscript-8.31","ghostscript-8.32","ghostscript-8.33","ghostscript-8.50","ghostscript-8.51","ghostscript-8.52","ghostscript-8.53","ghostscript-8.56","ghostscript-8.57","ghostscript-8.60","ghostscript-8.61","ghostscript-8.62","ghostscript-8.63","ghostscript-8.64","ghostscript-8.70","ghostscript-8.71","ghostscript-9.01","ghostscript-9.02","ghostscript-9.03","ghostscript-9.04","ghostscript-9.04rc1","ghostscript-9.05","ghostscript-9.06","ghostscript-9.07","ghostscript-9.08","ghostscript-9.09","ghostscript-9.10","ghostscript-9.12","ghostscript-9.14","ghostscript-9.15","ghostscript-9.16","ghostscript-9.17","ghostscript-9.18","ghostscript-9.19","ghostscript-9.20","ghostscript-9.21","ghostscript-9.22","ghostscript-9.23","ghostscript-9.24","ghostscript-9.25","ghostscript-9.26","ghostscript-9.27","ghostscript-9.50","ghostscript-9.51","ghostscript-9.52","gs9.28-temp-for-testing-tag","jbig2dec-0.12","jbig2dec-0.14"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15900.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.50"}]},{"events":[{"introduced":"0"},{"last_affected":"9.52"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.2"}]}],"vanir_signatures":[{"id":"CVE-2020-15900-2b0aa55f","source":"https://github.com/artifexsoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b","deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"length":988,"function_hash":"46940119944633808988474283792764943994"},"target":{"function":"search_impl","file":"psi/zstring.c"}},{"id":"CVE-2020-15900-a3bb7899","source":"https://github.com/artifexsoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b","deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["190536486911980564259186184284028251322","310639197693366512344773929327924035765","39712407557047782312763705291186047712","207635925999652990285057282992758349798","285190544700574057999012646783096917780","76464664580891842030516054201090584625","100906624819924311054212833575538464718","310528718498703024283454547331776211651","171002816041803318278104589197268229569","288390351824469318354059772346635214554"],"threshold":0.9},"target":{"file":"psi/zstring.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}