CVE-2020-27792: 
Ghostscript vulnerability analysis and mitigation

CVE-2020-27792 is a heap-based buffer overwrite vulnerability discovered in GhostScript's lp8000printpage() function within the gdevlp8k.c file. The vulnerability was reported in 2019 and publicly disclosed in August 2022. This security flaw affects GhostScript versions up to and including 9.50, impacting various Linux distributions including Debian, Ubuntu, and Red Hat systems (NVD, Ubuntu).

The vulnerability is classified as a heap-based buffer overflow issue occurring in the lp8000printpage() function. It received a CVSS v3.1 base score of 7.1 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. The attack requires local access and user interaction, but no privileges, and can potentially result in high impact on integrity and availability (NVD, Red Hat).

When successfully exploited, this vulnerability can lead to memory corruption or a denial of service condition. The attack requires tricking a user into opening a specially crafted PDF file, which then triggers the heap buffer overflow (CVE, NVD).

The vulnerability has been fixed in various distributions through security updates. Debian 10 (Buster) received the fix in version 9.27~dfsg-2+deb10u6, Ubuntu has patched versions in multiple releases including 20.04 LTS (focal) with version 9.50~dfsg-5ubuntu4.6, and 18.04 LTS (bionic) with version 9.26~dfsg+0-0ubuntu0.18.04.17. The upstream fix was implemented in GhostScript through commit 4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7 (Debian, Ubuntu).