CVE-2024-29509

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.03.0

Description: The issue is related to a heap-based overflow when the PDFPassword parameter has a 000 byte in the middle, which can be exploited by a remote attacker to cause a denial of service.

Recommendations: For versions prior to 10.03.0, update to version 10.03.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the PDFPassword parameter to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALT-PU-2024-13477

ALT-PU-2024-14136

ALT-PU-2024-14302

BDU:2024-05557

CVE-2024-29509

DSA-5760-1

ROSA-SA-2025-2623

USN-6897-1

Affected Products

Alt Linux

Artifex Ghostscript

Astra Linux

Linuxmint

Ubuntu

CVE-2024-29509

Weakness Enumeration

Related Identifiers

Affected Products

References · 43