CVE-2024-29510

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...

CVE-2024-29511

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading and writing of error messages to arbitrary files via OCRLanguage. For example, exploitation can use debugfile /tmp/out and userpatternsfile /etc/passwd...

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:2276-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2276-1 advisory. - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path bsc1226945. - CVE-2024-33870: Fixed a format...

Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a set of free software compiled by Artifex, Inc. based on Adobe, PostScript, and the Page Description Language for Portable Document Format PDL. A security vulnerability exists in Artifex Ghostscript prior to version 10.03.0, which is caused by a stack-based buffer overflow...

CVE-2024-29506

Artifex Ghostscript is affected by CVE-2024-29506: Ghostscript before 10.03.0 contains a stack-based buffer overflow in pdfi_apply_filter() triggered by a long PDF filter name. Impact, per available references, includes potential memory corruption with high-severity risk; exploitation details are...

CVE-2024-29506

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfiapplyfilter function via a long PDF filter name...

CVE-2024-29509

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword e.g., for runpdf has a \000 byte in the middle...

Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a set of free software compiled by Artifex, Inc. based on Adobe, PostScript, and the Page Description Language for Portable Document Format PDL. A security vulnerability exists in Artifex Ghostscript prior to version 10.03.0, which results from a heap-based overflow when...

CVE-2024-29509

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword e.g., for runpdf has a \000 byte in the middle...

CVE-2024-29507

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters...

CVE-2024-29506

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfiapplyfilter function via a long PDF filter name...

VulnCheck KEV: CVE-2024-29510

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...

Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a free software package from Artifex, Inc. based on Adobe, PostScript, and the Portable Document Format page description language. A security vulnerability exists in Artifex Ghostscript versions prior to 10.03.1, which allows execution of arbitrary code via a custom driver...

Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a set of free software compiled by Artifex, Inc. based on Adobe, PostScript, and the Page Description Language for Portable Document Format PDL. A security vulnerability exists in Artifex Ghostscript versions prior to 10.03.1, which can be exploited to traverse paths to...

CVE-2024-33869

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...

CVE-2024-29507

CVE-2024-29507 affects Artifex Ghostscript prior to 10.03.0. The vulnerability is described in multiple sources as a heap-based pointer disclosure observable in a constructed BaseFont name within pdf_base_font_alloc, in addition to the already noted stack-based issues (CIDFSubstPath/CIDFSubstFont...

CVE-2024-29511

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading and writing of error messages to arbitrary files via OCRLanguage. For example, exploitation can use debugfile /tmp/out and userpatternsfile /etc/passwd...

CVE-2024-29509

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword e.g., for runpdf has a \000 byte in the middle...

OPENSUSE-SU-2024:14090-1 ghostscript-10.03.1-1.1 on GA media

These are all security issues fixed in the ghostscript-10.03.1-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2024-5149

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.03.1 Artifex Ghostscript version 10.02.1 and earlier Description: The issue is related to incorrect restriction of the directory path name with limited access. Exploitation can allow a remote attacker ...