PT-2024-4558 · Artifex+9 · Artifex Ghostscript+9
Alchemist · Published 2024-05-09 · Updated 2026-02-09
CVE-2024-29510
CVSS v3.1: 6.3 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Artifex Ghostscript versions prior to 10.03.1
Description
Artifex Ghostscript versions prior to 10.03.1 contain a format string injection in the uniprint device. It can lead to memory corruption and allow an attacker to bypass the -dSAFER sandbox, resulting in remote code execution: the attacker can execute arbitrary code on the vulnerable system. There are reports of this vulnerability being exploited in the wild, with attackers using EPS (PostScript) files camouflaged as JPG (image) files to gain shell access to vulnerable systems.
Recommendations
To resolve the issue, update Artifex Ghostscript to version 10.03.1 or later. For versions prior to 10.03.1, consider disabling the uniprint device or restricting its use until the update can be applied. Additionally, monitor your systems for any signs of exploitation and consider implementing additional security measures to prevent remote code execution attacks.
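One way to check for the in-the-wild pattern described above (PostScript/EPS content under an image file name) and for an affected version, as an added example that is not part of the original advisory. The function names and the extension list are assumptions made for illustration; the version string is assumed to be plain dotted numbers as printed by `gs --version`.

```python
"""Triage helper: affected Ghostscript version + PostScript hidden as images."""
import os
import sys

FIXED = (10, 3, 1)                      # first fixed release per the advisory
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".tif", ".tiff"}
JPEG_MAGIC = b"\xff\xd8\xff"
EPS_DOS_MAGIC = b"\xc5\xd0\xd3\xc6"     # binary (DOS-header) EPS

def is_affected_version(version: str) -> bool:
    """True if a version string such as '10.02.1' is older than 10.03.1."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts < FIXED

def sniff(head: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if head.startswith(JPEG_MAGIC):
        return "jpeg"
    if head.startswith(EPS_DOS_MAGIC):
        return "postscript"
    # Heuristic: allow a UTF-8 BOM, Ctrl-D or whitespace before "%!"
    body = head.removeprefix(b"\xef\xbb\xbf").lstrip(b"\x04 \t\r\n")
    return "postscript" if body.startswith(b"%!") else "other"

def is_disguised_postscript(name: str, head: bytes) -> bool:
    """True when an image extension sits on PostScript/EPS content."""
    ext = os.path.splitext(name)[1].lower()
    return ext in IMAGE_EXTS and sniff(head) == "postscript"

def scan(root: str) -> list[str]:
    """Walk root and return paths of image-named files holding PostScript."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(64)
            except OSError:
                continue                # unreadable file: skip, keep scanning
            if is_disguised_postscript(fn, head):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("PostScript content under image extension:", hit)
```

Run it against upload or conversion spool directories; a hit means the file would be handled as PostScript by a content-sniffing converter despite its image name.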
Exploit · Fix · RCE · DoS · Buffer Overflow · Protection Mechanism Failure
Affected Products
ALT Linux
AlmaLinux
Artifex Ghostscript
Astra Linux
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu