6.3

CVE-2024-29510

Exploit
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexGhostscript Version < 10.03.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 27.97% 0.979
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 1.8 4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://www.openwall.com/lists/oss-security/2024/07/03/7
Mailing List
https://bugs.ghostscript.com/show_bug.cgi?id=707662
Issue Tracking
https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/
Third Party Advisory
Exploit
https://www.vicarius.io/vsociety/posts/critical-vulnerability-in-ghostscript-cve-2024-29510
Third Party Advisory
Exploit