Security readout for executives and security teams
Plain-English summary
CVE-2020-27792 is a Ghostscript memory corruption flaw triggered when a user opens a crafted PDF. A successful attack could corrupt memory or cause denial of service, with high integrity and availability impact. The provided evidence does not show confirmed active exploitation.
Executive priority
Prioritize remediation where Ghostscript handles untrusted PDFs or supports business-critical document workflows. The issue is high severity, but available evidence indicates user interaction is required and does not establish active exploitation.
Technical view
The flaw is a heap-based buffer overwrite in Ghostscript's lp8000_print_page() function in gdevlp8k.c, classified as CWE-119. CVSS 3.1 is 7.1 with local attack vector, low complexity, no privileges, and required user interaction.
Likely exposure
Most relevant exposure is systems with Ghostscript installed that process PDFs, especially Red Hat Enterprise Linux 8 with the listed ghostscript package. Red Hat lists RHEL 9 as unaffected and RHEL 6/7 status as unknown in the provided data.
Exploitation context
Exploitation requires tricking a user into opening a crafted PDF. The source bundle marks KEV as false and provides no cited evidence of active exploitation, so this should not be treated as known exploited based on available evidence.
Researcher notes
Focus analysis on the gdevlp8k.c lp8000_print_page() heap overwrite and vendor backports. Avoid assuming broad product impact beyond Ghostscript packages and the operating system statuses named in the source bundle.
Mitigation direction
- Apply applicable vendor Ghostscript security updates from Red Hat or Debian guidance.
- Restrict Ghostscript processing to trusted PDFs until systems are updated.
- Isolate PDF conversion or printing workflows that process user-supplied files.
- Check Red Hat guidance for RHEL 6 and 7 status before assuming exposure.
- Track Ghostscript upstream fix references for package backport details.
Validation and detection
- Inventory hosts with the ghostscript package installed.
- Compare installed packages against vendor advisory status for each operating system.
- Confirm whether any services automatically process uploaded or emailed PDFs.
- Verify RHEL 8 systems have received the applicable RHSA update.
- Document RHEL 6 and 7 uncertainty if vendor status remains unclear.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-119: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCVE-2020-27792 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- High
- CVSS
- 7.1 (3.1)
- Known Exploited
- No
- Published
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H1.85.2Primary CVE scoreVulnerability scoring details
Base CVSS 3.1 score
7.1HighVector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Source materials
- CVE List V5 sourceCVE List V5
- RHSA-2025:4362CVE reference · vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2020-27792CVE reference · vdb-entry, x_refsource_REDHAT
- RHBZ#2247179CVE reference · issue-tracking, x_refsource_REDHAT
- https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7CVE reference
- https://bugs.ghostscript.com/show_bug.cgi?id=701844CVE reference · x_refsource_MISC, x_transferred
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7CVE reference · x_refsource_MISC, x_transferred
- [debian-lts-announce] 20220903 [SECURITY] [DLA 3096-1] ghostscript security updateCVE reference · mailing-list, x_refsource_MLIST
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
