Arbitrary Code Execution Vulnerability in Artifex Ghostscript
CVE-2024-33871
Currently unrated 🤨
Summary
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
Timeline
Vulnerability published.
Collectors
NVD DatabaseMitre Database