CVE-2020-3951: 
VMware Workstation Player vulnerability analysis and mitigation

CVE-2020-3951 is a denial-of-service vulnerability discovered in VMware Workstation and Horizon Client for Windows, which was disclosed on March 17, 2020. The vulnerability is caused by a heap-overflow issue in Cortado Thinprint. This security flaw affects VMware Workstation 15.x on Windows and VMware Horizon Client for Windows 5.x and prior versions (VMware Advisory).

The vulnerability has been assigned a CVSSv3 base score of 3.2, placing it in the Low severity range. The issue specifically resides in the Cortado Thinprint component and manifests as a heap-overflow vulnerability. The vulnerability requires virtual printing to be enabled to be exploitable, which is not enabled by default on Workstation but is enabled by default on Horizon Client (VMware Advisory).

When successfully exploited, the vulnerability can create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed. This can affect the availability of printing services on the affected systems (VMware Advisory).

VMware has released patches to address this vulnerability. The fixed versions are VMware Workstation 15.5.2 and Horizon Client for Windows 5.4.0. No workarounds are available for this vulnerability, making patch installation the only remediation option (VMware Advisory).