Arbitrary Code Execution Vulnerability in Artifex Ghostscript
CVE-2024-33871

8.8HIGH

Key Information:

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 3 July 2024

🔔 Create Artifex Vulnerability Alert

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2024-33871?

A vulnerability exists in Artifex Ghostscript versions before 10.03.1, where attackers can execute arbitrary code by exploiting a weakness in the 'Driver' parameter for opvp and oprp devices. This vulnerability stems from the ability for the Driver parameter to accept arbitrary names for dynamic libraries, which can be manipulated through a specially crafted PostScript document. When exploited, this can lead to severe security risks, allowing unauthorized actions on the system.

News Articles

CVE-2024-33871 CVE-2024-41110

Multiple Flaws in Dell PowerProtect Allow System Compromise

Dell has released a Critical Security Update (DSA-2025-022) for its PowerProtect Data Domain (DD) systems to address multiple vulnerabilities.

thmubnail image

References

https://bugs.ghostscript.com/show_bug.cgi?id=707754

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.gi...

https://www.openwall.com/lists/oss-security/2024/06/28/2

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 4, 2025
📰
First article discovered by GBHackers News
Feb 4, 2025
Vulnerability published
Jul 3, 2024

CVE-2024-33871 Data

.