Artifex Ghostscript: (CVE-2024-29511) Directory traversal issue allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage.

Artifex Ghostscript: (CVE-2024-29511) Directory traversal issue allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage.

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

07/03/2024

Created

07/10/2024

Added

07/08/2024

Modified

11/19/2024

Description

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

Solution(s)

• ghostscript-upgrade-10_03_1

References

• https://attackerkb.com/topics/cve-2024-29511
• CVE - 2024-29511