Lucene search
Redhat.comRH:CVE-2024-33870HistoryJun 24, 2024 - 4:23 p.m.
CVE-2024-33870
2024-06-2416:23:18
redhat.com
access.redhat.com
2
cve-2024-33870
ghostscript
arbitrary file access
validation flaw
A flaw was found in Ghostscript. When the gp_validate_path_len function validates a path, it distinguishes between absolute and relative paths. In the case of relative paths, it will check the path with and without the current-directory-prefix (“foo” and “./foo”). This does not take into account paths with a parent-directory-prefix. Therefore, a path like “…/…/foo” is also tested as “./…/…/foo” and if the current directory “./” is in the permitted paths, it will pass the check, which may allow arbitrary file access.
Related
alpinelinux
alpinelinux
CVE-2024-33870
2024-05-09 11:08:47
ubuntucve
ubuntucve
CVE-2024-33870
2024-05-09 00:00:00
debiancve
debiancve
CVE-2024-33870
2024-05-09 11:08:47
mageia
mageia
Updated ghostscript packages fix security vulnerabilities
2024-05-23 07:22:43
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0192)
2024-05-24 00:00:00
Ubuntu: Security Advisory (USN-6835-1)
2024-06-18 00:00:00
Debian: Security Advisory (DSA-5692-1)
2024-05-16 00:00:00
debian
debian
[SECURITY] [DSA 5692-1] ghostscript security update
2024-05-15 20:07:17
ubuntu
ubuntu
Ghostscript vulnerabilities
2024-06-17 00:00:00
nessus
nessus
Artifex Ghostscript < 10.03.1 Multiple Vulnerabilities
2024-06-13 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ghostscript vulnerabilities (USN-6835-1)
2024-06-18 00:00:00
Debian dsa-5692 : ghostscript - security update
2024-05-16 00:00:00
osv
osv
ghostscript vulnerabilities
2024-06-17 17:35:07
ghostscript - security update
2024-05-15 00:00:00