Lucene search

Ubuntu.comUB:CVE-2024-29509

HistoryJul 03, 2024 - 12:00 a.m.

CVE-2024-29509

2024-07-0300:00:00

ubuntu.com

artifex ghostscript

pdfpassword

heap-based overflow

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

27.2%

JSON

Artifex Ghostscript before 10.03.0 has a heap-based overflow when
PDFPassword (e.g., for runpdf) has a \000 byte in the middle.

Bugs

<https://bugs.ghostscript.com/show_bug.cgi?id=707510>

Notes

Author	Note
mdeslaur	per Debian, introduced by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=316c3a08269212f1005709da64efcb383f8f5ce0

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchghostscript< 9.55.0~dfsg1-0ubuntu5.9UNKNOWN
ubuntu24.04noarchghostscript< 10.02.1~dfsg1-0ubuntu7.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	ghostscript	< 9.55.0~dfsg1-0ubuntu5.9	UNKNOWN
ubuntu	24.04	noarch	ghostscript	< 10.02.1~dfsg1-0ubuntu7.3	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2024-29509

nvd.nist.gov/vuln/detail/CVE-2024-29509

security-tracker.debian.org/tracker/CVE-2024-29509

ubuntu.com/security/notices/USN-6897-1

www.cve.org/CVERecord?id=CVE-2024-29509

www.openwall.com/lists/oss-security/2024/07/03/7