Products
Artifex Ghostscript
- before 10.03.1
Source
cve@mitre.org
Tags
CVE-2024-33871 details
Published : July 3, 2024, 7:15 p.m.
Last Modified : July 3, 2024, 7:15 p.m.
Last Modified : July 3, 2024, 7:15 p.m.
Description
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://bugs.ghostscript.com/show_bug.cgi?id=707754 | cve@mitre.org |
| https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 | cve@mitre.org |
| https://www.openwall.com/lists/oss-security/2024/06/28/2 | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.