CVE-2024-29510

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://bugs.ghostscript.com/show_bug.cgi?id=707662
https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/
https://www.openwall.com/lists/oss-security/2024/07/03/7
Configurations

No configuration.

History

No history.

Information

Published : 2024-07-03 19:15

Updated : 2024-07-08 14:18

NVD link : CVE-2024-29510

Mitre link : CVE-2024-29510

CVE.ORG link : CVE-2024-29510

JSON object : View

Products Affected

No product.

CWE
CWE-693

Protection Mechanism Failure