Multiple vulnerabilities in Artifex Ghostscript
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2024-29508 CVE-2024-29507 CVE-2024-29506 CVE-2024-29509 |
| CWE-ID | CWE-122 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Ghostscript Universal components / Libraries / Libraries used by multiple products |
| Vendor | Artifex Software, Inc. |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU93815
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29508
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the pdf_base_font_alloc() function. A remote attacker can pass specially crafted PDF file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGhostscript: 9.00 - 10.02.1
CPE2.3- cpe:2.3:a:artifex_software:ghostscript:9.00:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:9.01:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:9.02:*:*:*:*:*:*:*
https://bugs.ghostscript.com/show_bug.cgi?id=707510
https://git.ghostscript.com/?p=ghostpdl.git%3Bh=ff1013a0ab485b66783b70145e342a82c670906a
https://www.openwall.com/lists/oss-security/2024/07/03/7
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Stack-based buffer overflow
EUVDB-ID: #VU93814
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29507
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing the CIDFSubstPath and CIDFSubstFont parameters. A remote attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGhostscript: 9.00 - 10.02.1
CPE2.3- cpe:2.3:a:artifex_software:ghostscript:9.00:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:9.01:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:9.02:*:*:*:*:*:*:*
https://bugs.ghostscript.com/show_bug.cgi?id=707510
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=7745dbe24514
https://www.openwall.com/lists/oss-security/2024/07/03/7
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer overflow
EUVDB-ID: #VU93813
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29506
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the pdfi_apply_filter() function via a long PDF filter name. A remote attacker can pass a specially crafted file to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGhostscript: 9.00 - 10.02.1
CPE2.3- cpe:2.3:a:artifex_software:ghostscript:9.00:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:9.01:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:9.02:*:*:*:*:*:*:*
https://bugs.ghostscript.com/show_bug.cgi?id=707510
https://git.ghostscript.com/?p=ghostpdl.git%3Bh=77dc7f699beba606937b7ea23b50cf5974fa64b1
https://www.openwall.com/lists/oss-security/2024/07/03/7
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Heap-based buffer overflow
EUVDB-ID: #VU93812
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-29509
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error when parsing passwords, when PDFPassword (e.g., for runpdf) has a 00 byte in the middle. A remote attacker can trick the victim to pass a specially crafted password to the application, trigger a heap-based buffer overflow and crash it.
Install updates from vendor's website.
Vulnerable software versionsGhostscript: 9.00 - 10.02.1
CPE2.3- cpe:2.3:a:artifex_software:ghostscript:9.00:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:9.01:*:*:*:*:*:*:*
- cpe:2.3:a:artifex_software:ghostscript:9.02:*:*:*:*:*:*:*
https://bugs.ghostscript.com/show_bug.cgi?id=707510
https://git.ghostscript.com/?p=ghostpdl.git%3Bh=917b3a71fb20748965254631199ad98210d6c2fb
https://www.openwall.com/lists/oss-security/2024/07/03/7
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
