Fluid Attacks Database

Description

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	ghostscript	=10.0.0~dfsg-11 \|\| =10.0.0~dfsg-11+deb12u1 \|\| =10.0.0~dfsg-11+deb12u2 \|\| =10.0.0~dfsg-11+deb12u3 \|\| >=0 <10.0.0~dfsg-11+deb12u4	10.0.0~dfsg-11+deb12u4
alpine v3.18	ghostscript	=10.0.0-r0 \|\| =10.0.0-r1 \|\| =10.0.0-r2 \|\| =10.01.0-r0 \|\| =10.01.0-r1 \|\| =10.01.1-r0 \|\| =10.01.1-r1 \|\| =10.01.2-r0 \|\| =10.02.0-r0 \|\| =8.64-r0 \|\| =8.70-r0 \|\| =8.71-r0 \|\| =8.71-r1 \|\| =8.71-r2 \|\| =8.71-r3 \|\| =8.71-r4 \|\| =9.00-r0 \|\| =9.00-r1 \|\| =9.00-r2 \|\| =9.04-r0 \|\| =9.05-r0 \|\| =9.05-r1 \|\| =9.06-r0 \|\| =9.06-r1 \|\| =9.06-r2 \|\| =9.06-r3 \|\| =9.07-r0 \|\| =9.09-r0 \|\| =9.09-r1 \|\| =9.10-r0 \|\| =9.10-r1 \|\| =9.15-r0 \|\| =9.15-r1 \|\| =9.16-r0 \|\| =9.16-r1 \|\| =9.16-r2 \|\| =9.18-r0 \|\| =9.19-r0 \|\| =9.19-r1 \|\| =9.20-r0 \|\| =9.20-r1 \|\| =9.21-r0 \|\| =9.21-r1 \|\| =9.21-r2 \|\| =9.21-r3 \|\| =9.22-r0 \|\| =9.24-r0 \|\| =9.25-r0 \|\| =9.25-r1 \|\| =9.26-r0 \|\| =9.26-r1 \|\| =9.26-r2 \|\| =9.27-r0 \|\| =9.27-r1 \|\| =9.27-r2 \|\| =9.27-r3 \|\| =9.27-r4 \|\| =9.50-r0 \|\| =9.51-r0 \|\| =9.52-r0 \|\| =9.53.1-r0 \|\| =9.53.2-r0 \|\| =9.53.3-r0 \|\| =9.54.0-r0 \|\| =9.54.0-r1 \|\| =9.55.0-r0 \|\| =9.56.1-r0 \|\| >=0 <10.04.0-r0	10.04.0-r0
alpine v3.19	ghostscript	=10.0.0-r0 \|\| =10.0.0-r1 \|\| =10.0.0-r2 \|\| =10.01.0-r0 \|\| =10.01.0-r1 \|\| =10.01.1-r0 \|\| =10.01.1-r1 \|\| =10.01.1-r2 \|\| =10.01.2-r0 \|\| =10.02.0-r0 \|\| =10.02.0-r1 \|\| =10.02.1-r0 \|\| =8.64-r0 \|\| =8.70-r0 \|\| =8.71-r0 \|\| =8.71-r1 \|\| =8.71-r2 \|\| =8.71-r3 \|\| =8.71-r4 \|\| =9.00-r0 \|\| =9.00-r1 \|\| =9.00-r2 \|\| =9.04-r0 \|\| =9.05-r0 \|\| =9.05-r1 \|\| =9.06-r0 \|\| =9.06-r1 \|\| =9.06-r2 \|\| =9.06-r3 \|\| =9.07-r0 \|\| =9.09-r0 \|\| =9.09-r1 \|\| =9.10-r0 \|\| =9.10-r1 \|\| =9.15-r0 \|\| =9.15-r1 \|\| =9.16-r0 \|\| =9.16-r1 \|\| =9.16-r2 \|\| =9.18-r0 \|\| =9.19-r0 \|\| =9.19-r1 \|\| =9.20-r0 \|\| =9.20-r1 \|\| =9.21-r0 \|\| =9.21-r1 \|\| =9.21-r2 \|\| =9.21-r3 \|\| =9.22-r0 \|\| =9.24-r0 \|\| =9.25-r0 \|\| =9.25-r1 \|\| =9.26-r0 \|\| =9.26-r1 \|\| =9.26-r2 \|\| =9.27-r0 \|\| =9.27-r1 \|\| =9.27-r2 \|\| =9.27-r3 \|\| =9.27-r4 \|\| =9.50-r0 \|\| =9.51-r0 \|\| =9.52-r0 \|\| =9.53.1-r0 \|\| =9.53.2-r0 \|\| =9.53.3-r0 \|\| =9.54.0-r0 \|\| =9.54.0-r1 \|\| =9.55.0-r0 \|\| =9.56.1-r0 \|\| >=0 <10.03.1-r0	10.03.1-r0
alpine v3.20	ghostscript	=10.0.0-r0 \|\| =10.0.0-r1 \|\| =10.0.0-r2 \|\| =10.01.0-r0 \|\| =10.01.0-r1 \|\| =10.01.1-r0 \|\| =10.01.1-r1 \|\| =10.01.1-r2 \|\| =10.01.2-r0 \|\| =10.02.0-r0 \|\| =10.02.0-r1 \|\| =10.02.1-r0 \|\| =8.64-r0 \|\| =8.70-r0 \|\| =8.71-r0 \|\| =8.71-r1 \|\| =8.71-r2 \|\| =8.71-r3 \|\| =8.71-r4 \|\| =9.00-r0 \|\| =9.00-r1 \|\| =9.00-r2 \|\| =9.04-r0 \|\| =9.05-r0 \|\| =9.05-r1 \|\| =9.06-r0 \|\| =9.06-r1 \|\| =9.06-r2 \|\| =9.06-r3 \|\| =9.07-r0 \|\| =9.09-r0 \|\| =9.09-r1 \|\| =9.10-r0 \|\| =9.10-r1 \|\| =9.15-r0 \|\| =9.15-r1 \|\| =9.16-r0 \|\| =9.16-r1 \|\| =9.16-r2 \|\| =9.18-r0 \|\| =9.19-r0 \|\| =9.19-r1 \|\| =9.20-r0 \|\| =9.20-r1 \|\| =9.21-r0 \|\| =9.21-r1 \|\| =9.21-r2 \|\| =9.21-r3 \|\| =9.22-r0 \|\| =9.24-r0 \|\| =9.25-r0 \|\| =9.25-r1 \|\| =9.26-r0 \|\| =9.26-r1 \|\| =9.26-r2 \|\| =9.27-r0 \|\| =9.27-r1 \|\| =9.27-r2 \|\| =9.27-r3 \|\| =9.27-r4 \|\| =9.50-r0 \|\| =9.51-r0 \|\| =9.52-r0 \|\| =9.53.1-r0 \|\| =9.53.2-r0 \|\| =9.53.3-r0 \|\| =9.54.0-r0 \|\| =9.54.0-r1 \|\| =9.55.0-r0 \|\| =9.56.1-r0 \|\| >=0 <10.03.1-r0	10.03.1-r0
alpine v3.21	ghostscript	=10.0.0-r0 \|\| =10.0.0-r1 \|\| =10.0.0-r2 \|\| =10.01.0-r0 \|\| =10.01.0-r1 \|\| =10.01.1-r0 \|\| =10.01.1-r1 \|\| =10.01.1-r2 \|\| =10.01.2-r0 \|\| =10.02.0-r0 \|\| =10.02.0-r1 \|\| =10.02.1-r0 \|\| =8.64-r0 \|\| =8.70-r0 \|\| =8.71-r0 \|\| =8.71-r1 \|\| =8.71-r2 \|\| =8.71-r3 \|\| =8.71-r4 \|\| =9.00-r0 \|\| =9.00-r1 \|\| =9.00-r2 \|\| =9.04-r0 \|\| =9.05-r0 \|\| =9.05-r1 \|\| =9.06-r0 \|\| =9.06-r1 \|\| =9.06-r2 \|\| =9.06-r3 \|\| =9.07-r0 \|\| =9.09-r0 \|\| =9.09-r1 \|\| =9.10-r0 \|\| =9.10-r1 \|\| =9.15-r0 \|\| =9.15-r1 \|\| =9.16-r0 \|\| =9.16-r1 \|\| =9.16-r2 \|\| =9.18-r0 \|\| =9.19-r0 \|\| =9.19-r1 \|\| =9.20-r0 \|\| =9.20-r1 \|\| =9.21-r0 \|\| =9.21-r1 \|\| =9.21-r2 \|\| =9.21-r3 \|\| =9.22-r0 \|\| =9.24-r0 \|\| =9.25-r0 \|\| =9.25-r1 \|\| =9.26-r0 \|\| =9.26-r1 \|\| =9.26-r2 \|\| =9.27-r0 \|\| =9.27-r1 \|\| =9.27-r2 \|\| =9.27-r3 \|\| =9.27-r4 \|\| =9.50-r0 \|\| =9.51-r0 \|\| =9.52-r0 \|\| =9.53.1-r0 \|\| =9.53.2-r0 \|\| =9.53.3-r0 \|\| =9.54.0-r0 \|\| =9.54.0-r1 \|\| =9.55.0-r0 \|\| =9.56.1-r0 \|\| >=0 <10.03.1-r0	10.03.1-r0
alpine v3.22	ghostscript	=10.0.0-r0 \|\| =10.0.0-r1 \|\| =10.0.0-r2 \|\| =10.01.0-r0 \|\| =10.01.0-r1 \|\| =10.01.1-r0 \|\| =10.01.1-r1 \|\| =10.01.1-r2 \|\| =10.01.2-r0 \|\| =10.02.0-r0 \|\| =10.02.0-r1 \|\| =10.02.1-r0 \|\| =8.64-r0 \|\| =8.70-r0 \|\| =8.71-r0 \|\| =8.71-r1 \|\| =8.71-r2 \|\| =8.71-r3 \|\| =8.71-r4 \|\| =9.00-r0 \|\| =9.00-r1 \|\| =9.00-r2 \|\| =9.04-r0 \|\| =9.05-r0 \|\| =9.05-r1 \|\| =9.06-r0 \|\| =9.06-r1 \|\| =9.06-r2 \|\| =9.06-r3 \|\| =9.07-r0 \|\| =9.09-r0 \|\| =9.09-r1 \|\| =9.10-r0 \|\| =9.10-r1 \|\| =9.15-r0 \|\| =9.15-r1 \|\| =9.16-r0 \|\| =9.16-r1 \|\| =9.16-r2 \|\| =9.18-r0 \|\| =9.19-r0 \|\| =9.19-r1 \|\| =9.20-r0 \|\| =9.20-r1 \|\| =9.21-r0 \|\| =9.21-r1 \|\| =9.21-r2 \|\| =9.21-r3 \|\| =9.22-r0 \|\| =9.24-r0 \|\| =9.25-r0 \|\| =9.25-r1 \|\| =9.26-r0 \|\| =9.26-r1 \|\| =9.26-r2 \|\| =9.27-r0 \|\| =9.27-r1 \|\| =9.27-r2 \|\| =9.27-r3 \|\| =9.27-r4 \|\| =9.50-r0 \|\| =9.51-r0 \|\| =9.52-r0 \|\| =9.53.1-r0 \|\| =9.53.2-r0 \|\| =9.53.3-r0 \|\| =9.54.0-r0 \|\| =9.54.0-r1 \|\| =9.55.0-r0 \|\| =9.56.1-r0 \|\| >=0 <10.03.1-r0	10.03.1-r0
debian 11	ghostscript	=9.53.3~dfsg-7 \|\| =9.53.3~dfsg-7+deb11u1 \|\| =9.53.3~dfsg-7+deb11u2 \|\| =9.53.3~dfsg-7+deb11u3 \|\| =9.53.3~dfsg-7+deb11u4 \|\| =9.53.3~dfsg-7+deb11u5 \|\| =9.53.3~dfsg-7+deb11u6 \|\| >=0 <9.53.3~dfsg-7+deb11u7	9.53.3~dfsg-7+deb11u7
debian 13	ghostscript	>=0 <10.03.1~dfsg~git20240518-1	10.03.1~dfsg~git20240518-1
debian 14	ghostscript	>=0 <10.03.1~dfsg~git20240518-1	10.03.1~dfsg~git20240518-1
alpine v3.23	ghostscript	=10.0.0-r0 \|\| =10.0.0-r1 \|\| =10.0.0-r2 \|\| =10.01.0-r0 \|\| =10.01.0-r1 \|\| =10.01.1-r0 \|\| =10.01.1-r1 \|\| =10.01.1-r2 \|\| =10.01.2-r0 \|\| =10.02.0-r0 \|\| =10.02.0-r1 \|\| =10.02.1-r0 \|\| =8.64-r0 \|\| =8.70-r0 \|\| =8.71-r0 \|\| =8.71-r1 \|\| =8.71-r2 \|\| =8.71-r3 \|\| =8.71-r4 \|\| =9.00-r0 \|\| =9.00-r1 \|\| =9.00-r2 \|\| =9.04-r0 \|\| =9.05-r0 \|\| =9.05-r1 \|\| =9.06-r0 \|\| =9.06-r1 \|\| =9.06-r2 \|\| =9.06-r3 \|\| =9.07-r0 \|\| =9.09-r0 \|\| =9.09-r1 \|\| =9.10-r0 \|\| =9.10-r1 \|\| =9.15-r0 \|\| =9.15-r1 \|\| =9.16-r0 \|\| =9.16-r1 \|\| =9.16-r2 \|\| =9.18-r0 \|\| =9.19-r0 \|\| =9.19-r1 \|\| =9.20-r0 \|\| =9.20-r1 \|\| =9.21-r0 \|\| =9.21-r1 \|\| =9.21-r2 \|\| =9.21-r3 \|\| =9.22-r0 \|\| =9.24-r0 \|\| =9.25-r0 \|\| =9.25-r1 \|\| =9.26-r0 \|\| =9.26-r1 \|\| =9.26-r2 \|\| =9.27-r0 \|\| =9.27-r1 \|\| =9.27-r2 \|\| =9.27-r3 \|\| =9.27-r4 \|\| =9.50-r0 \|\| =9.51-r0 \|\| =9.52-r0 \|\| =9.53.1-r0 \|\| =9.53.2-r0 \|\| =9.53.3-r0 \|\| =9.54.0-r0 \|\| =9.54.0-r1 \|\| =9.55.0-r0 \|\| =9.56.1-r0 \|\| >=0 <10.03.1-r0	10.03.1-r0

1-10 of 14

Aliases

1. CVE-2024-295102. NVD-2024-295103. OSV-DEBIAN-2024-295104. OSV-2024-295105. OSV-ALPINE-2024-295106. SECURITY-TRACKER-CVE-2024-295107. SECURITY-CVE-2024-29510

References

1. https://vulncheck.com/cve/CVE-2024-295102. https://github.com/swsmith2391/CVE-2024-295103. https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/fileformat/ghostscript_format_string_cve_2024_29510.rb

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.