ADVISORY!

TLP : CLEAR

Date : 08/07/2024

REF NO : CERT / 2024/07/60

Ghostscript Remote Code Execution Vulnerability

Severity Level: Medium

Components Affected

  •  Versions prior to Ghostscript 10.03.1

Overview

A vulnerability was identified in Ghostscript. A remote attacker could exploit this vulnerability to trigger security restriction bypass and remote code execution on the targeted system.

Note:

Proof of concept exploit for CVE-2024-29510 exists on the internet.

To exploit the vulnerability, attackers require user interaction on the vulnerable system. Hence, the risk level is rated as Medium Risk.

Description

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

Impact

  • Remote Code Execution
  • Security Restriction Bypass

Solution/ Workarounds

Before installing the software, please visit the software manufacturer's website for more details.

  • The vendors have issued fixes. (Ghostscript 10.03.1)
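
To confirm whether a host still runs an affected release, the following added example (not part of the original advisory) compares a Ghostscript version string with the fixed release 10.03.1. The function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Ghostscript version string
# against the fixed release the advisory names. Sample strings are constructed.
FIXED_VERSION="10.03.1"

# Exit status: 0 = older than FIXED_VERSION, 1 = fixed release or newer,
# 2 = no version number found. awk's "+ 0" turns "03" or "08" into plain
# decimals, avoiding the octal trap of shell arithmetic.
gs_is_vulnerable() {
    printf '%s\n' "$1" | awk -v fixed="$FIXED_VERSION" '{
        if (!match($0, /[0-9]+\.[0-9]+(\.[0-9]+)?/)) exit 2
        split(substr($0, RSTART, RLENGTH), have, ".")
        split(fixed, want, ".")
        for (i = 1; i <= 3; i++) {
            if (have[i] + 0 < want[i] + 0) exit 0
            if (have[i] + 0 > want[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print "vulnerable", "fixed" or "unknown" for a version string.
classify_gs_version() {
    rc=0
    gs_is_vulnerable "$1" || rc=$?
    case $rc in
        0) echo "vulnerable" ;;
        1) echo "fixed" ;;
        *) echo "unknown" ;;
    esac
}

# Check the gs binary on this host (or the path given as $1).
# Caveat: distribution packages may backport a fix without changing the
# upstream version number, so confirm a "vulnerable" result against the
# distribution's own security tracker before acting on it.
check_installed_gs() {
    gs_bin=${1:-gs}
    command -v "$gs_bin" >/dev/null 2>&1 || { echo "not-installed"; return 0; }
    classify_gs_version "$("$gs_bin" --version 2>/dev/null)"
}

for sample in "9.55.0" "10.03.0" "10.03.1" "GPL Ghostscript 10.04.0" "no version"; do
    printf '%-26s %s\n' "$sample" "$(classify_gs_version "$sample")"
done
printf '%-26s %s\n' "local gs" "$(check_installed_gs)"
```

Applications that bundle their own copy of Ghostscript need the same check against the bundled binary, by passing its path to `check_installed_gs`.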

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC