Alpine: multiple ghostscript packages: security update to 9.51-r0

high Tenable Cloud Security Plugin ID 423892

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software
GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in
v9.51. (CVE-2020-16303)

- A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software
GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is
fixed in v9.51. (CVE-2020-16287)

- A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software
GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is
fixed in v9.51. (CVE-2020-16288)

- A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript
v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in
v9.51. (CVE-2020-16289)

- A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software
GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is
fixed in v9.51. (CVE-2020-16290)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-16287

https://security.alpinelinux.org/vuln/CVE-2020-16288

https://security.alpinelinux.org/vuln/CVE-2020-16289

https://security.alpinelinux.org/vuln/CVE-2020-16290

https://security.alpinelinux.org/vuln/CVE-2020-16291

https://security.alpinelinux.org/vuln/CVE-2020-16292

https://security.alpinelinux.org/vuln/CVE-2020-16293

https://security.alpinelinux.org/vuln/CVE-2020-16294

https://security.alpinelinux.org/vuln/CVE-2020-16295

https://security.alpinelinux.org/vuln/CVE-2020-16296

https://security.alpinelinux.org/vuln/CVE-2020-16297

https://security.alpinelinux.org/vuln/CVE-2020-16298

https://security.alpinelinux.org/vuln/CVE-2020-16299

https://security.alpinelinux.org/vuln/CVE-2020-16300

https://security.alpinelinux.org/vuln/CVE-2020-16301

https://security.alpinelinux.org/vuln/CVE-2020-16302

https://security.alpinelinux.org/vuln/CVE-2020-16303

https://security.alpinelinux.org/vuln/CVE-2020-16304

https://security.alpinelinux.org/vuln/CVE-2020-16305

https://security.alpinelinux.org/vuln/CVE-2020-16306

https://security.alpinelinux.org/vuln/CVE-2020-16307

https://security.alpinelinux.org/vuln/CVE-2020-16308

https://security.alpinelinux.org/vuln/CVE-2020-16309

https://security.alpinelinux.org/vuln/CVE-2020-16310

https://security.alpinelinux.org/vuln/CVE-2020-17538

Plugin Details

Severity: High

ID: 423892

Version: Revision 1.7

Type: Local

Published: 4/4/2025

Updated: 5/30/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-16303

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/13/2020

Reference Information

CVE: CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306, CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310, CVE-2020-17538

IAVB: 2020-B-0046-S