Arbitrary Code Execution Vulnerability in Artifex Ghostscript
CVE-2024-33871

8.8HIGH

Key Information:

Vendor

Artifex
Status
Ghostscript
Vendor
CVE Published:
3 July 2024

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2024-33871?

A vulnerability exists in Artifex Ghostscript versions before 10.03.1, where attackers can execute arbitrary code by exploiting a weakness in the 'Driver' parameter for opvp and oprp devices. This vulnerability stems from the ability for the Driver parameter to accept arbitrary names for dynamic libraries, which can be manipulated through a specially crafted PostScript document. When exploited, this can lead to severe security risks, allowing unauthorized actions on the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

News Articles

favicon imageGBHackers News

Multiple Flaws in Dell PowerProtect Allow System Compromise

Dell has released a Critical Security Update (DSA-2025-022) for its PowerProtect Data Domain (DD) systems to address multiple vulnerabilities.

References

https://bugs.ghostscript.com/show_bug.cgi?id=707754
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.gi...
https://www.openwall.com/lists/oss-security/2024/06/28/2

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by GBHackers News

  • Vulnerability published

JSON
.