Stack-based Buffer Overflow Vulnerability in Ghostscript
CVE-2024-29507

Currently unrated

Key Information:

Vendor: Artifex
Vendor: CVE Published:; 3 July 2024

Summary

A stack-based buffer overflow vulnerability exists in Artifex Ghostscript versions prior to 10.03.0. This vulnerability occurs when the parameters CIDFSubstPath and CIDFSubstFont are processed, which can lead to unintended behavior and potential exploitation of the software. An attacker could exploit this vulnerability by crafting malicious input that manipulates the buffer, leading to memory corruption and potentially allowing unauthorized access or control over the affected system. Users of Ghostscript are advised to upgrade to the latest version to mitigate any associated risks.

References

https://bugs.ghostscript.com/show_bug.cgi?id=707510

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdif...

https://www.openwall.com/lists/oss-security/2024/07/03/7

Timeline

Vulnerability published
Jul 3, 2024