CVE-2024-29511

Published: Jul 3, 2024Modified: Apr 28, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

Affected (1)

Products: Artifex: Ghostscript

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Ghostscript	Before 10.03.1

Related CWEs

Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References (6)

https://bugs.ghostscript.com/show_bug.cgi?id=707510

Source: cve@mitre.org

Issue Tracking

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=3d4cfdc1a44

Source: cve@mitre.org

Broken Link

https://www.openwall.com/lists/oss-security/2024/07/03/7

Source: cve@mitre.org

Mailing List

https://bugs.ghostscript.com/show_bug.cgi?id=707510

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=3d4cfdc1a44

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.openwall.com/lists/oss-security/2024/07/03/7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

Timeline

No history available yet.