CVE-2024-29510

Severity: 6.3 MEDIUM
EPSS: 8.2% (top 7.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published Jul 3

Description

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 4.0

Affected Packages (2 packages)

NVD: artifex/ghostscript < 10.03.1
Debian: ghostscript < 9.53.3~dfsg-7+deb11u7+3

🔴 Vulnerability Details (5)

GHSA: GHSA-r824-gq56-gjgx: Artifex Ghostscript before 10 (2024-07-03)
OSV: CVE-2024-29510: Artifex Ghostscript before 10 (2024-07-03)
CVEList: CVE-2024-29510: Artifex Ghostscript before 10 (2024-07-03)
OSV: ghostscript vulnerabilities (2024-06-17)
VulnCheck: Artifex Ghostscript SAFER Sandbox Bypass (2024)

📋 Vendor Advisories (3)

Ubuntu: Ghostscript vulnerabilities (2024-06-17)
Red Hat: ghostscript: format string injection leads to shell command execution (SAFER bypass) (2024-05-16)
Debian: CVE-2024-29510: ghostscript - Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox b... (2024)
CVE-2024-29510 (MEDIUM CVSS 6.3) | Artifex Ghostscript before 10.03.1 | cvebase.io