{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-29508", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-17T13:50:45.571Z", "dateReserved": "2024-03-19T00:00:00.000Z", "datePublished": "2024-07-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-03T19:28:30.300Z"}, "descriptions": [{"lang": "en", "value": "Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707510"}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Bh=ff1013a0ab485b66783b70145e342a82c670906a"}, {"url": "https://www.openwall.com/lists/oss-security/2024/07/03/7"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707510", "tags": ["x_transferred"]}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Bh=ff1013a0ab485b66783b70145e342a82c670906a", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/07/03/7", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00022.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-22T10:03:01.814Z"}}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-19T17:49:12.998850Z", "id": "CVE-2024-29508", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-17T13:50:45.571Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707510", "tags": ["x_transferred"]}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Bh=ff1013a0ab485b66783b70145e342a82c670906a", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/07/03/7", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00022.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-22T10:03:01.814Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-29508", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-19T17:49:12.998850Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T17:51:14.916Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707510"}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Bh=ff1013a0ab485b66783b70145e342a82c670906a"}, {"url": "https://www.openwall.com/lists/oss-security/2024/07/03/7"}], "descriptions": [{"lang": "en", "value": "Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-03T19:28:30.300Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29508", "state": "PUBLISHED", "dateUpdated": "2025-03-17T13:50:45.571Z", "dateReserved": "2024-03-19T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-07-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", "matchCriteriaId": "C94A899E-28C1-4FC0-B645-B5BE7AB34082", "versionEndExcluding": "10.03.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc."}, {"lang": "es", "value": "Artifex Ghostscript anterior a 10.03.0 tiene una divulgaci\u00f3n de puntero basada en mont\u00f3n (observable en un nombre BaseFont construido) en la funci\u00f3n pdf_base_font_alloc."}], "id": "CVE-2024-29508", "lastModified": "2025-03-17T14:15:17.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-03T18:15:04.903", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=707510"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Bh=ff1013a0ab485b66783b70145e342a82c670906a"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Technical Description", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2024/07/03/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=707510"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Bh=ff1013a0ab485b66783b70145e342a82c670906a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Technical Description", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2024/07/03/7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "ghostscript: heap pointer leak in pdf_base_font_alloc()", "id": "2295627", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295627"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "status": "draft"}, "cwe": "CWE-401", "details": ["Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.", "A flaw was found in Ghostscript. The`pdf_base_font_alloc` function used by the `pdfwrite` device will use a hexadecimal pointer representation for the constructed BaseFont name if the input name is empty. This flaw allows an attacker to obtain this pointer value by reading back to the output file after writing to a temporary writable and readable location."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-29508", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gimp:flatpak/ghostscript", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-29508\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-29508\nhttps://bugs.ghostscript.com/show_bug.cgi?id=707510\nhttps://git.ghostscript.com/?p=ghostpdl.git%3Bh=ff1013a0ab485b66783b70145e342a82c670906a\nhttps://www.openwall.com/lists/oss-security/2024/07/03/7"], "statement": "The vulnerability in Ghostscript\u2019s pdf_base_font_alloc function represents a moderate severity issue rather than a important one due to the nature of the exposed information. While the hexadecimal pointer representation of the BaseFont name can be read from the output file, it does not directly reveal sensitive data such as user credentials or confidential content. Instead, the pointer value may offer insights into the memory layout or internal data structures, which, although potentially useful for further exploitation, requires additional steps and context to leverage effectively.", "threat_severity": "Moderate"}