Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6835-1
HistoryJun 17, 2024 - 12:00 a.m.

Ghostscript vulnerabilities

2024-06-1700:00:00
ubuntu.com
8
ubuntu lts
ghostscript
postscript interpreter
pdf interpreter
safer mode
format-string vulnerability
path reduction
dynamic library.

8.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Releases

  • Ubuntu 24.04 LTS
  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • ghostscript - PostScript and PDF interpreter

Details

It was discovered that Ghostscript did not properly restrict eexec
seeds to those specified by the Type 1 Font Format standard when
SAFER mode is used. An attacker could use this issue to bypass SAFER
restrictions and cause unspecified impact. (CVE-2023-52722)
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10.

Thomas Rinsma discovered that Ghostscript did not prevent changes to
uniprint device argument strings after SAFER is activated, resulting
in a format-string vulnerability. An attacker could possibly use this
to execute arbitrary code. (CVE-2024-29510)

Zdenek Hutyra discovered that Ghostscript did not properly perform
path reduction when validating paths. An attacker could use this to
access file locations outside of those allowed by SAFER policy and
possibly execute arbitrary code. (CVE-2024-33869)

Zdenek Hutyra discovered that Ghostscript did not properly check
arguments when reducing paths. An attacker could use this to
access file locations outside of those allowed by SAFER policy.
(CVE-2024-33870)

Zdenek Hutyra discovered that the “Driver” parameter for Ghostscript’s
“opvp”/“oprp” device allowed specifying the name of an arbitrary dynamic
library to load. An attacker could use this to execute arbitrary code.
(CVE-2024-33871)

OSVersionArchitecturePackageVersionFilename
Ubuntu24.04noarchghostscript< 10.02.1~dfsg1-0ubuntu7.1UNKNOWN
Ubuntu24.04noarchghostscript-dbgsym< 10.02.1~dfsg1-0ubuntu7.1UNKNOWN
Ubuntu24.04noarchghostscript-doc< 10.02.1~dfsg1-0ubuntu7.1UNKNOWN
Ubuntu24.04noarchlibgs-common< 10.02.1~dfsg1-0ubuntu7.1UNKNOWN
Ubuntu24.04noarchlibgs-dev< 10.02.1~dfsg1-0ubuntu7.1UNKNOWN
Ubuntu24.04noarchlibgs10< 10.02.1~dfsg1-0ubuntu7.1UNKNOWN
Ubuntu24.04noarchlibgs10-common< 10.02.1~dfsg1-0ubuntu7.1UNKNOWN
Ubuntu24.04noarchlibgs10-dbgsym< 10.02.1~dfsg1-0ubuntu7.1UNKNOWN
Ubuntu23.10noarchghostscript< 10.01.2~dfsg1-0ubuntu2.3UNKNOWN
Ubuntu23.10noarchghostscript-dbgsym< 10.01.2~dfsg1-0ubuntu2.3UNKNOWN
Rows per page:
1-10 of 341

Related

debian 1
openvas 10
nessus 20
osv 4
mageia 2
redhatcve 5
debiancve 5
ubuntucve 5
alpinelinux 5
amazon 2
oraclelinux 2
almalinux 2
veracode 1
fedora 1
cvelist 1
cve 1
nvd 1
debian
debian
[SECURITY] [DSA 5692-1] ghostscript security update
2024-05-15 20:07:17
openvas
openvas
Ubuntu: Security Advisory (USN-6835-1)
2024-06-18 00:00:00
Debian: Security Advisory (DSA-5692-1)
2024-05-16 00:00:00
Mageia: Security Advisory (MGASA-2024-0192)
2024-05-24 00:00:00
nessus
nessus
Artifex Ghostscript < 10.03.1 Multiple Vulnerabilities
2024-06-13 00:00:00
Debian dsa-5692 : ghostscript - security update
2024-05-16 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ghostscript vulnerabilities (USN-6835-1)
2024-06-18 00:00:00
osv
osv
ghostscript - security update
2024-05-15 00:00:00
ghostscript vulnerabilities
2024-06-17 17:35:07
Important: ghostscript security update
2024-06-20 00:00:00
mageia
mageia
Updated ghostscript packages fix security vulnerabilities
2024-05-23 07:22:43
Updated ghostscript packages fix security vulnerability
2024-05-16 20:29:32
redhatcve
redhatcve
CVE-2024-33870
2024-06-24 16:23:18
CVE-2024-33869
2024-06-24 16:22:28
CVE-2024-33871
2024-05-27 15:02:51
debiancve
debiancve
CVE-2024-33870
2024-05-09 11:08:47
CVE-2024-33869
2024-05-09 11:09:02
CVE-2023-52722
2024-04-28 00:15:07
ubuntucve
ubuntucve
CVE-2024-33869
2024-05-09 00:00:00
CVE-2024-33870
2024-05-09 00:00:00
CVE-2023-52722
2024-04-28 00:00:00
alpinelinux
alpinelinux
CVE-2024-33869
2024-05-09 11:09:02
CVE-2024-33870
2024-05-09 11:08:47
CVE-2024-33871
2024-05-09 11:08:47
amazon
amazon
Medium: ghostscript
2024-05-23 22:04:00
Important: ghostscript
2024-06-06 20:17:00
oraclelinux
oraclelinux
ghostscript security update
2024-06-20 00:00:00
ghostscript security update
2024-06-20 00:00:00
almalinux
almalinux
Important: ghostscript security update
2024-06-20 00:00:00
Important: ghostscript security update
2024-06-20 00:00:00
veracode
veracode
Remote Code Execution
2024-05-18 20:55:19
fedora
fedora
[SECURITY] Fedora 40 Update: ghostscript-10.02.1-9.fc40
2024-06-18 10:07:35
cvelist
cvelist
CVE-2023-52722
2024-04-27 00:00:00
cve
cve
CVE-2023-52722
2024-04-28 00:15:07
nvd
nvd
CVE-2023-52722
2024-04-28 00:15:07

8.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for USN-6835-1
debian1openvas10nessus20osv4mageia2redhatcve5debiancve5ubuntucve5alpinelinux5amazon2oraclelinux2almalinux2veracode1fedora1cvelist1cve1nvd1