A heap-based buffer over write vulnerability was found in GhostScript's lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a user to open a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | ghostscript | 2023-03-30 22:50 | ALAS-2023-1725 |
Amazon Linux 2 - Core | ghostscript | 2023-02-17 00:11 | ALAS2-2023-1947 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
NVD | CVSSv3 | 7.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |