CVE-2024-29511
Published: 3 July 2024
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
Notes
Author | Note |
---|---|
mdeslaur |
while Debian doesn't build Tesseract support, it looks like Ubuntu does in fact have Tesseract support in jammy+ second commit is required to prevent regression in pdf2ps |
Priority
Status
Package | Release | Status |
---|---|---|
ghostscript
Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Not vulnerable
(code not present)
|
|
jammy |
Released
(9.55.0~dfsg1-0ubuntu5.9)
|
|
mantic |
Ignored
(end of life, was needed)
|
|
noble |
Released
(10.02.1~dfsg1-0ubuntu7.3)
|
|
upstream |
Released
(10.03.0~dfsg-1)
|
|
xenial |
Not vulnerable
(code not present)
|
|
Patches:
upstream: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3d4cfdc1a44b1969a0f14c86673a372654d443c4 upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=638159c43dbb48425a187d244ec288d252d0ecf4 |