CVE-2024-29510

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://bugs.ghostscript.com/show_bug.cgi?id=707662 Issue Tracking
https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/ Exploit Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/07/03/7 Mailing List
https://bugs.ghostscript.com/show_bug.cgi?id=707662 Issue Tracking
https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/ Exploit Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/07/03/7 Mailing List
https://www.vicarius.io/vsociety/posts/critical-vulnerability-in-ghostscript-cve-2024-29510 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
History

28 Apr 2025, 17:12

Type Values Removed Values Added
References () https://bugs.ghostscript.com/show_bug.cgi?id=707662 - () https://bugs.ghostscript.com/show_bug.cgi?id=707662 - Issue Tracking
References () https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/ - () https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/ - Exploit, Third Party Advisory
References () https://www.openwall.com/lists/oss-security/2024/07/03/7 - () https://www.openwall.com/lists/oss-security/2024/07/03/7 - Mailing List
References () https://www.vicarius.io/vsociety/posts/critical-vulnerability-in-ghostscript-cve-2024-29510 - () https://www.vicarius.io/vsociety/posts/critical-vulnerability-in-ghostscript-cve-2024-29510 - Exploit, Third Party Advisory
First Time Artifex ghostscript
Artifex
CPE cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

21 Nov 2024, 09:08

Type Values Removed Values Added
References
  • () https://www.vicarius.io/vsociety/posts/critical-vulnerability-in-ghostscript-cve-2024-29510 -
References () https://bugs.ghostscript.com/show_bug.cgi?id=707662 - () https://bugs.ghostscript.com/show_bug.cgi?id=707662 -
References () https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/ - () https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/ -
References () https://www.openwall.com/lists/oss-security/2024/07/03/7 - () https://www.openwall.com/lists/oss-security/2024/07/03/7 -

08 Jul 2024, 14:18

Type Values Removed Values Added
CWE CWE-693
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.3

05 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) Artifex Ghostscript anterior a 10.03.1 permite la corrupción de la memoria y una omisión MÁS SEGURA de la sandbox mediante la inyección de cadena de formato con un dispositivo uniprint.

03 Jul 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-03 19:15

Updated : 2025-04-28 17:12

NVD link : CVE-2024-29510

Mitre link : CVE-2024-29510

CVE.ORG link : CVE-2024-29510

JSON object : View

Products Affected

artifex

  • ghostscript
CWE
CWE-693

Protection Mechanism Failure