Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-29511

Опубликовано: 03 июл. 2024
Источник: debian

Описание

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ghostscriptfixed10.03.0~dfsg-1package

Примечания

  • https://bugs.ghostscript.com/show_bug.cgi?id=707510

  • https://www.openwall.com/lists/oss-security/2024/07/03/7

  • https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3d4cfdc1a44b1969a0f14c86673a372654d443c4 (ghostpdl-10.03.0)

  • Ghostscript in Debian not compiled with Tesseract support

  • Regression (affecting pdf2ps) fix: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=638159c43dbb48425a187d244ec288d252d0ecf4 (ghostpdl-10.03.0)

Связанные уязвимости

ubuntu логотип

CVE-2024-29511

CVSS3: 7.5
ubuntu
больше 1 года назад

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

redhat логотип

CVE-2024-29511

CVSS3: 4.4
redhat
больше 1 года назад

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

nvd логотип

CVE-2024-29511

CVSS3: 7.5
nvd
больше 1 года назад

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

github логотип

GHSA-g9m4-vfq7-w439

CVSS3: 7.5
github
больше 1 года назад

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

fstec логотип

BDU:2024-05696

CVSS3: 7.5
fstec
больше 1 года назад

Уязвимость функцию файла /tmp/out компонента Tesseract набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации