Lucene search
Redhat.comRH:CVE-2024-29510HistoryJun 24, 2024 - 3:52 p.m.
CVE-2024-29510
2024-06-2415:52:09
redhat.com
access.redhat.com
3
ghostscript
uniprint device
format strings
data leakage
memory corruption
cve-2024-29510
A flaw was found in Ghostscript. The uniprint device allows the user to provide various string fragments as device options, which are later appended to the output file. Two parameters, upWriteComponentCommands and upYMoveCommand, are treated as format strings, specifically for gp_fprintf and gs_snprintf. This was designed for the user to include just one format specifier in the string, but there is no logic preventing arbitrary format strings with multiple specifiers from being used. In certain circumstances, an attacker may be able to exploit this to leak data from the stack and perform memory corruption.
Related
veracode
veracode
Remote Code Execution
2024-05-18 20:55:19
debiancve
debiancve
CVE-2024-29510
2024-05-09 11:08:46
ubuntucve
ubuntucve
CVE-2024-29510
2024-05-09 00:00:00
alpinelinux
alpinelinux
CVE-2024-29510
2024-05-09 11:08:46
mageia
mageia
Updated ghostscript packages fix security vulnerabilities
2024-05-23 07:22:43
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0192)
2024-05-24 00:00:00
Debian: Security Advisory (DSA-5692-1)
2024-05-16 00:00:00
Ubuntu: Security Advisory (USN-6835-1)
2024-06-18 00:00:00
debian
debian
[SECURITY] [DSA 5692-1] ghostscript security update
2024-05-15 20:07:17
ubuntu
ubuntu
Ghostscript vulnerabilities
2024-06-17 00:00:00
osv
osv
ghostscript vulnerabilities
2024-06-17 17:35:07
ghostscript - security update
2024-05-15 00:00:00
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ghostscript vulnerabilities (USN-6835-1)
2024-06-18 00:00:00
Artifex Ghostscript < 10.03.1 Multiple Vulnerabilities
2024-06-13 00:00:00
Debian dsa-5692 : ghostscript - security update
2024-05-16 00:00:00