PT-2024-5149 · Artifex+3 · Artifex Ghostscript+3

Thomas Rinsma · Published 2024-07-03 · Updated 2025-10-28 · CVE-2024-29511

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Artifex Ghostscript versions prior to 10.03.1

Description

The Ghostscript software suite contains a directory traversal issue when Tesseract is used for Optical Character Recognition (OCR). Through the OCRLanguage parameter, it allows arbitrary files to be read and error messages to be written to arbitrary files. Specifically, exploitation can occur via the debug file and user patterns file parameters, which are the vulnerable parameters. The API endpoints potentially involved are those utilizing OCR functionality.

Recommendations

Versions prior to 10.03.1 should be updated to version 10.03.1 or later.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-05696
CVE-2024-29511
USN-6897-1

Affected Products

Artifex Ghostscript
Debian
Linuxmint
Ubuntu