Bugzilla – Bug 1219554
VUL-0: CVE-2020-36773: ghostscript,ghostscript-library: out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite)
Last modified: 2024-06-07 12:20:01 UTC
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36773 https://bugs.ghostscript.com/show_bug.cgi?id=702229 https://bugzilla.opensuse.org/show_bug.cgi?id=1177922 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874 https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530 https://www.cve.org/CVERecord?id=CVE-2020-36773 https://bugzilla.redhat.com/show_bug.cgi?id=2262734
ghostscript-library is not affected. SUSE:ALP:Source:Standard:1.0/ghostscript is already fixed, and we already have submissions for SUSE:SLE-12:Update/ghostscript and SUSE:SLE-15:Update/ghostscript. Johannes, could you please add this CVE in the changlogs in you next submission for SUSE:SLE-12:Update/ghostscript and SUSE:SLE-15:Update/ghostscript?
Thomas Leroy, yes, in theory I can add this CVE to the RPM changlog entry but I fear in practice I may too easily miss this issue here in particular when my focus of mind is on something different (like fixing another security bug in Ghostscript). Is it perhaps somehow possible to set some kind of reminder or some dependency in bugzilla that this issue here needs also be done when a future issue for Ghostscript appears? (A dependency to future issues looks impossible to me.)
SUSE-SU-2024:0921-1: An update that solves one vulnerability and has one security fix can now be installed. Category: security (moderate) Bug References: 1219357, 1219554 CVE References: CVE-2020-36773 Maintenance Incident: [SUSE:Maintenance:32543](https://smelt.suse.de/incident/32543/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): ghostscript-9.52-23.71.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): ghostscript-9.52-23.71.1 SUSE Linux Enterprise Server 12 SP5 (src): ghostscript-9.52-23.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): ghostscript-9.52-23.71.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0920-1: An update that solves one vulnerability and has one security fix can now be installed. Category: security (moderate) Bug References: 1219357, 1219554 CVE References: CVE-2020-36773 Maintenance Incident: [SUSE:Maintenance:32541](https://smelt.suse.de/incident/32541/) Sources used: openSUSE Leap 15.5 (src): ghostscript-9.52-150000.185.1 Basesystem Module 15-SP5 (src): ghostscript-9.52-150000.185.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.