← Back

CVE-2024-29507

nvd nist
Published: Jul 3, 2024Modified: Apr 28, 2025

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Exploitability: 2.8 / Impact: 2.5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.

Affected (1)

Products: Artifex: Ghostscript
Artifex
1 product
Ghostscript
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ghostscript
Before 10.03.0

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (6)

Source: cve@mitre.org
Issue Tracking
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List

Timeline

No history available yet.