Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-03T00:00:00
Updated: 2024-08-02T01:10:55.453Z
Reserved: 2024-03-19T00:00:00
Link: CVE-2024-29511
Vulnrichment
Updated: 2024-08-02T01:10:55.453Z
NVD
Status : Awaiting Analysis
Published: 2024-07-03T19:15:03.430
Modified: 2024-07-08T14:18:08.567
Link: CVE-2024-29511
Redhat