CVE-2024-29510

moderate-risk
Published 2024-07-03

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

Do I need to act?

~
8.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.3/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Artifex

References (7)

Issue Tracking https://bugs.ghostscript.com/show_bug.cgi?id=707662
Exploit https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-ex...
Mailing List https://www.openwall.com/lists/oss-security/2024/07/03/7
Issue Tracking https://bugs.ghostscript.com/show_bug.cgi?id=707662
Exploit https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-ex...
Mailing List https://www.openwall.com/lists/oss-security/2024/07/03/7
Exploit https://www.vicarius.io/vsociety/posts/critical-vulnerability-in-ghostscript-cve...
35
/ 100
moderate-risk
Severity 20/34 · Moderate
Exploitability 10/34 · Low
Exposure 5/34 · Minimal