Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-33871

Опубликовано: 03 июл. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 8.8

Описание

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.

РелизСтатусПримечание
devel

released

10.02.1~dfsg1-0ubuntu9
esm-infra/bionic

not-affected

code not present
esm-infra/focal

released

9.50~dfsg-5ubuntu4.12
esm-infra/xenial

needed

focal

released

9.50~dfsg-5ubuntu4.12
jammy

released

9.55.0~dfsg1-0ubuntu5.7
mantic

released

10.01.2~dfsg1-0ubuntu2.3
noble

released

10.02.1~dfsg1-0ubuntu7.1
oracular

released

10.02.1~dfsg1-0ubuntu9
plucky

released

10.02.1~dfsg1-0ubuntu9

Показывать по

Ссылки на источники

EPSS

Процентиль: 64%
0.00483
Низкий

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-33871

CVSS3: 8.8
redhat
больше 1 года назад

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.

nvd логотип

CVE-2024-33871

CVSS3: 8.8
nvd
больше 1 года назад

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.

debian логотип

CVE-2024-33871

CVSS3: 8.8
debian
больше 1 года назад

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib ...

suse-cvrf логотип

SUSE-SU-2024:2199-1

suse-cvrf
больше 1 года назад

Security update for ghostscript

suse-cvrf логотип

SUSE-SU-2024:2198-1

suse-cvrf
больше 1 года назад

Security update for ghostscript

EPSS

Процентиль: 64%
0.00483
Низкий

8.8 High

CVSS3