{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-33871", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T02:42:59.809Z", "dateReserved": "2024-04-27T00:00:00", "datePublished": "2024-07-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-03T18:30:52.435256"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707754"}, {"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908"}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/28/2"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "affected": [{"vendor": "artifex", "product": "ghostscript", "cpes": ["cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "10.03.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-05T14:13:10.636639Z", "id": "CVE-2024-33871", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T14:15:15.405Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.809Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707754", "tags": ["x_transferred"]}, {"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/28/2", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707754", "tags": ["x_transferred"]}, {"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/28/2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.809Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-33871", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-05T14:13:10.636639Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*"], "vendor": "artifex", "product": "ghostscript", "versions": [{"status": "affected", "version": "0", "lessThan": "10.03.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T14:15:05.981Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707754"}, {"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908"}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/28/2"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-03T18:30:52.435256"}}}, "cveMetadata": {"cveId": "CVE-2024-33871", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:42:59.809Z", "dateReserved": "2024-04-27T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-07-03T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Artifex Ghostscript antes de la versi\u00f3n 10.03.1. contrib/opvp/gdevopvp.c permite la ejecuci\u00f3n de c\u00f3digo arbitrario a trav\u00e9s de una librer\u00eda de controladores personalizada, explotable a trav\u00e9s de un documento PostScript manipulado. Esto ocurre porque el par\u00e1metro Controlador para dispositivos opvp (y oprp) puede tener un nombre arbitrario para una librer\u00eda din\u00e1mica; luego se carga esta librer\u00eda. "}], "id": "CVE-2024-33871", "lastModified": "2024-07-08T14:18:32.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-03T19:15:03.943", "references": [{"source": "cve@mitre.org", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=707754"}, {"source": "cve@mitre.org", "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2024/06/28/2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4549", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "ghostscript-0:9.25-5.el7_9.1", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-07-15T00:00:00Z"}, {"advisory": "RHSA-2024:4000", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "ghostscript-0:9.27-13.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4537", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "ghostscript-0:9.25-6.el8_2.1", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-07-15T00:00:00Z"}, {"advisory": "RHSA-2024:4544", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "ghostscript-0:9.27-2.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-07-15T00:00:00Z"}, {"advisory": "RHSA-2024:4544", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "ghostscript-0:9.27-2.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-07-15T00:00:00Z"}, {"advisory": "RHSA-2024:4544", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "ghostscript-0:9.27-2.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-07-15T00:00:00Z"}, {"advisory": "RHSA-2024:4462", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "ghostscript-0:9.27-2.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4462", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "ghostscript-0:9.27-2.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4462", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "ghostscript-0:9.27-2.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4527", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "ghostscript-0:9.27-6.el8_8.1", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-07-15T00:00:00Z"}, {"advisory": "RHSA-2024:3999", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "ghostscript-0:9.54.0-16.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4014", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "ghostscript-0:9.54.0-7.el9_0.3", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:4541", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "ghostscript-0:9.54.0-12.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-15T00:00:00Z"}], "bugzilla": {"description": "ghostscript: OPVP device arbitrary code execution via custom Driver library", "id": "2283508", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283508"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.", "A flaw was found in Ghostscript. The \"Driver\" parameter for the \"opvp\"/\"oprp\" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to arbitrary code execution with the privileges of the Ghostscript process on the system."], "mitigation": {"lang": "en:us", "value": "Passing the -dSAFER safety argument on the command line prevents the issue by locking security-related variables after Ghostscript\u2019s initialization. In RHEL 9, -dSAFER is enabled by default, ensuring that insecure commands are rejected in a safer environment. This mitigation is equally effective in RHEL 7 and 8 when -dSAFER is explicitly passed on the command line, addressing the vulnerability that allows insecure commands within PostScript files. Since the OPVP device, cannot be removed, we recommend to use -dSAFER in RHEL 7 and 8 as a practical security measure."}, "name": "CVE-2024-33871", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "gimp:flatpak/ghostscript", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-05-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-33871\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-33871"], "threat_severity": "Important", "upstream_fix": "ghostscript 10.03.1"}