CVERadar

CVE-2024-29508

High Severity
Vendor: Artifex
SVRS: 43/100
CVSSv3: 3.3/10
EPSS: 0.00013/1

CVE-2024-29508 is a heap-based pointer disclosure vulnerability affecting Artifex Ghostscript versions before 10.03.0. The flaw is located in the pdf_base_font_alloc function and can be triggered by a specially crafted BaseFont name. Although the CVSS score is relatively low at 3.3, indicating a moderate risk, the SOCRadar Vulnerability Risk Score (SVRS) is 43, meaning the danger is higher than it appears. The discrepancy arises because the SVRS considers real-world threat intelligence, such as dark web mentions and exploit code availability. The pointer disclosure can lead to information leakage, which is a significant security concern because attackers could gain sensitive information about the system's memory layout.

In The Wild
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2025-03-17

2024-07-03

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-29508 | Artifex Ghostscript up to 10.0.2.x BaseFont Name pdf_base_font_alloc heap-based overflow (Nessus ID 209517)
vuldb.com, 2025-03-21
A vulnerability has been found in Artifex Ghostscript up to 10.0.2.x and classified as critical. Affected by this vulnerability is the function pdf_base_font_alloc of the component BaseFont Name Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is known as

USN-6897-1: Ghostscript vulnerabilities
ubuntu.com, 2024-07-15
It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-29506) It was discovered that Ghostscript incorrectly handled certain API parameters. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-29507) It was discovered that Ghostscript incorrectly handled certain BaseFont names. An attacker could

Critical Ghostscript flaw exploited in the wild. Patch it now!
Pierluigi Paganini, securityaffairs.co, 2024-07-08
Threat actors are exploiting Ghostscript vulnerability CVE-2024-29510 to bypass the sandbox and achieve remote code execution. Threat actors are actively exploiting a Ghostscript vulnerability, tracked as CVE-2024-29510, that can allow them to escape the -dSAFER sandbox and achieve remote code execution. Ghostscript is an interpreter for the PostScript language and for PDF files. It is […] Threat actors are exploiting

CVE-2024-29508 | Artifex Ghostscript up to 10.0.2.x BaseFont Name pdf_base_font_alloc heap-based overflow
vuldb.com, 2024-07-03
A vulnerability has been found in Artifex Ghostscript up to 10.0.2.x and classified as critical. Affected by this vulnerability is the function pdf_base_font_alloc of the component BaseFont Name Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is known as

Social Media

We've published the final part of our research into Ghostscript, leading to CVE-2024-29506, CVE-2024-29507, CVE-2024-29508, and CVE-2024-29509. Not as practically exploitable as the previous ones, but just as fun to find, hope you enjoy. https://t.co/Rc7sPXLXqJ
CVE-2024-29508 Artifex Ghostscript before 10.0.3.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. https://t.co/30pfpBRFM3

Affected Software

Configuration 1
Type | Vendor | Product
App | Artifex | ghostscript

References

Reference | Link
[email protected] | https://bugs.ghostscript.com/show_bug.cgi?id=707510
[email protected] | https://git.ghostscript.com/?p=ghostpdl.git%3Bh=ff1013a0ab485b66783b70145e342a82c670906a
[email protected] | https://www.openwall.com/lists/oss-security/2024/07/03/7
GITHUB | https://bugs.ghostscript.com/show_bug.cgi?id=707510
GITHUB | https://www.openwall.com/lists/oss-security/2024/07/03/7

CWE Details

No CWE details found for this CVE
