Fluid Attacks Database

Description

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	ghostscript	=10.0.0~dfsg-1 \|\| =10.0.0~dfsg-10 \|\| =10.0.0~dfsg-11 \|\| =10.0.0~dfsg-2 \|\| =10.0.0~dfsg-3 \|\| =10.0.0~dfsg-4 \|\| =10.0.0~dfsg-5 \|\| =10.0.0~dfsg-6 \|\| =10.0.0~dfsg-7 \|\| =10.0.0~dfsg-8 \|\| =10.0.0~dfsg-9 \|\| =10.01.2~dfsg-1 \|\| =10.02.0~dfsg-1 \|\| =10.02.0~dfsg-2 \|\| =10.02.1~dfsg-1 \|\| =10.02.1~dfsg-2 \|\| =10.02.1~dfsg-3 \|\| =10.03.0~dfsg-1 \|\| =10.03.1~dfsg-1 \|\| =10.03.1~dfsg-2 \|\| =10.03.1~dfsg~git20240518-1 \|\| =10.04.0~dfsg-1 \|\| =10.04.0~dfsg-2 \|\| =10.05.0~dfsg-1 \|\| =10.05.1~dfsg-1 \|\| =10.05.1~dfsg-2 \|\| =10.05.1~dfsg-3 \|\| =10.06.0~dfsg-1 \|\| =10.06.0~dfsg-2 \|\| =10.06.0~dfsg-3 \|\| =10.07.0~dfsg-1 \|\| =10.07.0~dfsg-2 \|\| =9.53.3~dfsg-7 \|\| =9.53.3~dfsg-7+deb11u1 \|\| =9.53.3~dfsg-7+deb11u10 \|\| =9.53.3~dfsg-7+deb11u11 \|\| =9.53.3~dfsg-7+deb11u2 \|\| =9.53.3~dfsg-7+deb11u3 \|\| =9.53.3~dfsg-7+deb11u4 \|\| =9.53.3~dfsg-7+deb11u5 \|\| =9.53.3~dfsg-7+deb11u6 \|\| =9.53.3~dfsg-7+deb11u7 \|\| =9.53.3~dfsg-7+deb11u8 \|\| =9.53.3~dfsg-7+deb11u9 \|\| =9.53.3~dfsg-8 \|\| =9.54.0~dfsg-1 \|\| =9.54.0~dfsg-2 \|\| =9.54.0~dfsg-3 \|\| =9.54.0~dfsg-4 \|\| =9.54.0~dfsg-5 \|\| =9.55.0~dfsg-1 \|\| =9.55.0~dfsg-2 \|\| =9.55.0~dfsg-3 \|\| =9.55.0~~rc1~dfsg-1 \|\| =9.56.0~dfsg-1 \|\| =9.56.0~~rc1~dfsg-1 \|\| =9.56.0~~rc2~dfsg-1 \|\| =9.56.1~dfsg-1	-
debian 12	ghostscript	=10.0.0~dfsg-11 \|\| =10.0.0~dfsg-11+deb12u1 \|\| =10.0.0~dfsg-11+deb12u2 \|\| =10.0.0~dfsg-11+deb12u3 \|\| =10.0.0~dfsg-11+deb12u4 \|\| =10.0.0~dfsg-11+deb12u5 \|\| =10.0.0~dfsg-11+deb12u6 \|\| =10.0.0~dfsg-11+deb12u7 \|\| =10.0.0~dfsg-11+deb12u8 \|\| =10.01.2~dfsg-1 \|\| =10.02.0~dfsg-1 \|\| =10.02.0~dfsg-2 \|\| =10.02.1~dfsg-1 \|\| =10.02.1~dfsg-2 \|\| =10.02.1~dfsg-3 \|\| =10.03.0~dfsg-1 \|\| =10.03.1~dfsg-1 \|\| =10.03.1~dfsg-2 \|\| =10.03.1~dfsg~git20240518-1 \|\| =10.04.0~dfsg-1 \|\| =10.04.0~dfsg-2 \|\| =10.05.0~dfsg-1 \|\| =10.05.1~dfsg-1 \|\| =10.05.1~dfsg-2 \|\| =10.05.1~dfsg-3 \|\| =10.06.0~dfsg-1 \|\| =10.06.0~dfsg-2 \|\| =10.06.0~dfsg-3 \|\| =10.07.0~dfsg-1 \|\| =10.07.0~dfsg-2	-
debian 13	ghostscript	>=0 <10.03.0~dfsg-1	10.03.0~dfsg-1
debian 14	ghostscript	>=0 <10.03.0~dfsg-1	10.03.0~dfsg-1

Aliases

1. CVE-2024-295112. NVD-2024-295113. OSV-DEBIAN-2024-295114. OSV-2024-295115. SECURITY-TRACKER-CVE-2024-29511

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.