CVE-2024-29507

Public on 2024-07-03
Modified on 2024-07-07
Description
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.4
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 ghostscript Not Affected
Amazon Linux 2 - Core ghostscript Not Affected
Amazon Linux 2023 ghostscript 2024-08-01 ALAS2023-2024-692 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
NVD CVSSv3 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L