Description
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
Affected Packages2 packages
🔴Vulnerability Details
5OSVghostscript vulnerabilities↗2025-07-08 OSVghostscript vulnerabilities↗2024-07-15 OSVCVE-2024-29508: Artifex Ghostscript before 10↗2024-07-03 CVEListCVE-2024-29508: Artifex Ghostscript before 10↗2024-07-03 GHSAGHSA-w2wv-53w9-5r3r: Artifex Ghostscript before 10↗2024-07-03 📋Vendor Advisories
4UbuntuGhostscript vulnerabilities↗2025-07-08 UbuntuGhostscript vulnerabilities↗2024-07-15 Red Hatghostscript: heap pointer leak in pdf_base_font_alloc()↗2024-07-03 DebianCVE-2024-29508: ghostscript - Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observab...↗2024