CVE-2020-16305: 
Ghostscript vulnerability analysis and mitigation

A buffer overflow vulnerability was discovered in Artifex Software GhostScript version 9.50, specifically in the pcxwriterle() function located in contrib/japanese/gdev10v.c. The vulnerability was identified in August 2020 and assigned CVE-2020-16305. The issue affects GhostScript installations prior to version 9.51, which includes the software as distributed in various Linux distributions (NVD, CVE).

The vulnerability is classified as a heap buffer overflow (CWE-787) with a CVSS v3.1 Base Score of 5.5 (MEDIUM). The attack vector requires local access (AV:L) with low attack complexity (AC:L), no privileges required (PR:N), and user interaction (UI:R). The scope is unchanged (S:U) with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (NVD).

When exploited, this vulnerability allows a remote attacker to cause a denial of service condition through a crafted PDF file. The buffer overflow occurs during the processing of PCX files, potentially leading to system crashes and service disruption (Ghostscript Bug).

The vulnerability has been fixed in GhostScript version 9.51. Users and administrators are advised to upgrade to this version or later. Multiple Linux distributions have released security updates to address this issue, including Ubuntu, Debian, and Gentoo (Ubuntu Notice, Debian Advisory, Gentoo Advisory).