CVE-2024-29507
Published: 3 July 2024
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
Notes
Author | Note |
---|---|
mdeslaur | per Debian, introduced by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=316c3a08269212f1005709da64efcb383f8f5ce0 looks like this also introduced it: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=9ebc7de2f18bb8b899f9298bdbc6b1a8fb66c6b5 |
Priority
Status
Package | Release | Status |
---|---|---|
ghostscript (Launchpad, Ubuntu, Debian) | bionic | Not vulnerable (code not present) |
ghostscript | focal | Not vulnerable (code not present) |
ghostscript | jammy | Not vulnerable (code not present) |
ghostscript | mantic | Ignored (end of life, was needed) |
ghostscript | noble | Released (10.02.1~dfsg1-0ubuntu7.3) |
ghostscript | upstream | Released (10.03.0~dfsg-1) |
ghostscript | xenial | Not vulnerable (code not present) |
Patches:
upstream: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7745dbe24514710b0cfba925e608e607dee9eb0f