CVE-2024-29509

Public on 2024-07-03
Modified on 2024-07-07
Description
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.4
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 ghostscript Not Affected
Amazon Linux 2 - Core ghostscript Not Affected
Amazon Linux 2023 ghostscript 2024-08-01 ALAS2023-2024-692 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
NVD CVSSv3 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2024-29509 Mitre: CVE-2024-29509