CVE-2024-29511
EUVD-2024-2651403.07.2024, 19:15
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| artifex | ghostscript | 𝑥 < 10.03.1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| artifex | afpl_ghostscript | 𝑥 < 10.03.1 | ADP |
Debian Releases
Ubuntu Releases
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| ghostscript |
| ||||
| ghostscript-cups |
| ||||
| ghostscript-debuginfo |
| ||||
| ghostscript-debugsource |
| ||||
| ghostscript-doc |
| ||||
| ghostscript-gtk |
| ||||
| ghostscript-gtk-debuginfo |
| ||||
| ghostscript-tools-dvipdf |
| ||||
| ghostscript-tools-fonts |
| ||||
| ghostscript-tools-printing |
| ||||
| ghostscript-x11 |
| ||||
| ghostscript-x11-debuginfo |
| ||||
| libgs |
| ||||
| libgs-debuginfo |
| ||||
| libgs-devel |
|
Common Weakness Enumeration
References