CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-29506

Critical Severity
Artifex
SVRS
77/100
CVSSv3
8.8/10
EPSS
0.00071/1

CVE-2024-29506 is a high-severity vulnerability affecting Artifex Ghostscript before version 10.03.0, characterized by a stack-based buffer overflow. The vulnerability resides in the pdfi_apply_filter() function and is triggered by an excessively long PDF filter name. This buffer overflow can lead to arbitrary code execution.

Although the CVSS score is 8.8 (High), the SOCRadar Vulnerability Risk Score (SVRS) of 77 indicates a significant risk, suggesting potential for active exploitation. While not in the critical range (above 80), the proximity to the threshold and its presence "In The Wild" amplifies the need for prompt patching and mitigation strategies. The presence of CWE-787 further clarifies the nature of the memory corruption leading to potential system compromise. Organizations utilizing Ghostscript should prioritize updating to version 10.03.0 or later to eliminate this attack vector and prevent potential breaches. Ignoring this could result in significant system instability and data compromise.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:R
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-07-03
LAST MODIFIED2024-08-02

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-29506 | Artifex Ghostscript up to 10.2.x PDF Filter Name pdfi_apply_filter stack-based overflow
vuldb.com2025-03-21
CVE-2024-29506 | Artifex Ghostscript up to 10.2.x PDF Filter Name pdfi_apply_filter stack-based overflow | A vulnerability was found in Artifex Ghostscript up to 10.2.x and classified as critical. Affected by this issue is the function pdfi_apply_filter of the component PDF Filter Name Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as <a href="https://vuldb.com
vuldb.com
rss
forum
news
USN-6897-1: Ghostscript vulnerabilities
2024-07-15
USN-6897-1: Ghostscript vulnerabilities | It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-29506) It was discovered that Ghostscript incorrectly handled certain API parameters. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-29507) It was discovered that Ghostscript incorrectly handled certain BaseFont names. An attacker could
ubuntu.com
rss
forum
news
Critical Ghostscript flaw exploited in the wild. Patch it now!
Pierluigi Paganini2024-07-08
Critical Ghostscript flaw exploited in the wild. Patch it now! | Threat actors are exploiting Ghostscript vulnerability CVE-2024-29510 to bypass the sandbox and achieve remote code execution. Threat actors are actively exploiting a Ghostscript vulnerability, tracked as CVE-2024-29510, that can allow them to escape the &#8211;dSAFER sandbox and achieve remote code execution. Ghostscript is an interpreter for the PostScript language and for PDF files. It is [&#8230;] Threat actors are exploiting
darkshadow
oro0lxy
securityaffairs.co
rss

Social Media

We've published the final part of our research into Ghostscript, leading to CVE-2024-29506, CVE-2024-29507, CVE-2024-29508, and CVE-2024-29509. Not as practically exploitable as the previous ones, but just as fun to find, hope you enjoy. https://t.co/Rc7sPXLXqJ
1
0
1
Stay secure! 🛡️ New Ghostscript vulnerabilities (CVE-2024-29506 to CVE-2024-29511) impact Ubuntu LTS releases. Get all the details and advice on how to protect your systems here: https://t.co/Z276b2xQVD #CyberSecurity #Ubuntu
0
0
0
CVE-2024-29506 Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. https://t.co/5MPgMdTNIx
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppArtifexghostscript

References

ReferenceLink
[email protected]https://bugs.ghostscript.com/show_bug.cgi?id=707510
[email protected]https://git.ghostscript.com/?p=ghostpdl.git%3Bh=77dc7f699beba606937b7ea23b50cf5974fa64b1
[email protected]https://www.openwall.com/lists/oss-security/2024/07/03/7
GITHUBhttps://bugs.ghostscript.com/show_bug.cgi?id=707510
GITHUBhttps://www.openwall.com/lists/oss-security/2024/07/03/7

CWE Details

CWE IDCWE NameDescription
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-787Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence