Stack-Based Buffer Overflow in Ghostscript Prior to 10.03.0
CVE-2024-29506

8.8HIGH

Key Information:

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 3 July 2024

What is CVE-2024-29506?

A stack-based buffer overflow vulnerability in Artifex Ghostscript arises from improper handling of long PDF filter names in the pdfi_apply_filter() function. This flaw permits potential attackers to exploit the overflow, leading to unpredictable behavior of the application, including possible execution of arbitrary code. Users of Ghostscript versions prior to 10.03.0 are encouraged to upgrade to the latest version to mitigate associated risks.

References

https://bugs.ghostscript.com/show_bug.cgi?id=707510

https://git.ghostscript.com/?p=ghostpdl.git%3Bh=77dc7f699...

https://www.openwall.com/lists/oss-security/2024/07/03/7

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2024