CVE-2020-21890: 
Ghostscript vulnerability analysis and mitigation

A Buffer Overflow vulnerability was discovered in the clj_media_size function within devices/gdevclj.c in Artifex Ghostscript 9.50. This vulnerability was assigned CVE-2020-21890 and was publicly disclosed on August 22, 2023. The vulnerability affects Ghostscript, a PostScript and PDF interpreter, specifically version 9.50 (NVD, Ubuntu Security).

The vulnerability is classified as a heap-buffer-overflow that occurs in the clj_media_size function at line 278 in devices/gdevclj.c. It has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is categorized as CWE-787 (Out-of-bounds Write) (NVD, Ghostscript Bug).

When exploited, this vulnerability allows remote attackers to cause a denial of service or potentially execute arbitrary code through the opening of a crafted PDF document. The high CVSS score indicates significant potential impacts on system confidentiality, integrity, and availability (NVD, Ubuntu Security).

The vulnerability has been fixed in various distributions and versions. Ubuntu has released patches for multiple versions: Ubuntu 20.04 (version 9.50~dfsg-5ubuntu4.10), Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM. Debian has also addressed this in their security updates. The fix was implemented through a commit in the Ghostscript repository (Ubuntu Security, Debian LTS).