Heap-Based Pointer Disclosure in Ghostscript Before 10.03.0

CVE-2024-29508

3.3LOW

Key Information

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 3 July 2024

Summary

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 3, 2024

Collectors

NVD Database