vulnerability
Amazon Linux 2023: CVE-2024-29508: Medium priority package update for ghostscript
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:L/AC:L/Au:S/C:P/I:N/A:P) | Jul 3, 2024 | Feb 17, 2025 | Jul 4, 2025 |
Severity
3
CVSS
(AV:L/AC:L/Au:S/C:P/I:N/A:P)
Published
Jul 3, 2024
Added
Feb 17, 2025
Modified
Jul 4, 2025
Description
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
A flaw was found in Ghostscript. The`pdf_base_font_alloc` function used by the `pdfwrite` device will use a hexadecimal pointer representation for the constructed BaseFont name if the input name is empty. This flaw allows an attacker to obtain this pointer value by reading back to the output file after writing to a temporary writable and readable location.
A flaw was found in Ghostscript. The`pdf_base_font_alloc` function used by the `pdfwrite` device will use a hexadecimal pointer representation for the constructed BaseFont name if the input name is empty. This flaw allows an attacker to obtain this pointer value by reading back to the output file after writing to a temporary writable and readable location.
Solutions
amazon-linux-2023-upgrade-ghostscriptamazon-linux-2023-upgrade-ghostscript-debuginfoamazon-linux-2023-upgrade-ghostscript-debugsourceamazon-linux-2023-upgrade-ghostscript-docamazon-linux-2023-upgrade-ghostscript-gtkamazon-linux-2023-upgrade-ghostscript-gtk-debuginfoamazon-linux-2023-upgrade-ghostscript-tools-dvipdfamazon-linux-2023-upgrade-ghostscript-tools-fontsamazon-linux-2023-upgrade-ghostscript-tools-printingamazon-linux-2023-upgrade-ghostscript-x11amazon-linux-2023-upgrade-ghostscript-x11-debuginfoamazon-linux-2023-upgrade-libgsamazon-linux-2023-upgrade-libgs-debuginfoamazon-linux-2023-upgrade-libgs-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.