CVE-2024-29508

2024-07-0318:15:04

Debian Security Bug Tracker

security-tracker.debian.org

artifex ghostscript

10.03.0

heap-based pointer disclosure

pdf_base_font_alloc

unix

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

21.8%

JSON

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.

OSVersionArchitecturePackageVersionFilename
Debian12allghostscript< 10.0.0~dfsg-11+deb12u5ghostscript_10.0.0~dfsg-11+deb12u5_all.deb
Debian11allghostscript<= 9.53.3~dfsg-7+deb11u7ghostscript_9.53.3~dfsg-7+deb11u7_all.deb
Debian999allghostscript< 10.03.0~dfsg-1ghostscript_10.03.0~dfsg-1_all.deb
Debian13allghostscript< 10.03.0~dfsg-1ghostscript_10.03.0~dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ghostscript	< 10.0.0~dfsg-11+deb12u5	ghostscript_10.0.0~dfsg-11+deb12u5_all.deb
Debian	11	all	ghostscript	<= 9.53.3~dfsg-7+deb11u7	ghostscript_9.53.3~dfsg-7+deb11u7_all.deb
Debian	999	all	ghostscript	< 10.03.0~dfsg-1	ghostscript_10.03.0~dfsg-1_all.deb
Debian	13	all	ghostscript	< 10.03.0~dfsg-1	ghostscript_10.03.0~dfsg-1_all.deb