ALPINE-CVE-2024-33870

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2024-33870

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2024-33870.json

JSON Data

https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2024-33870

Upstream

CVE-2024-33870

Published

2024-07-03T19:15:03Z

Modified

2025-10-10T19:27:23.639906Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

References

https://security.alpinelinux.org/vuln/CVE-2024-33870

Affected packages

Alpine:v3.18 / ghostscript

Package

Name: ghostscript
Purl: pkg:apk/alpine/ghostscript?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.04.0-r0

Affected versions

8.*

8.64-r0

8.70-r0

8.71-r0

8.71-r1

8.71-r2

8.71-r3

8.71-r4

9.*

9.00-r0

9.00-r1

9.00-r2

9.04-r0

9.05-r0

9.05-r1

9.06-r0

9.06-r1

9.06-r2

9.06-r3

9.07-r0

9.09-r0

9.09-r1

9.10-r0

9.10-r1

9.15-r0

9.15-r1

9.16-r0

9.16-r1

9.16-r2

9.18-r0

9.19-r0

9.19-r1

9.20-r0

9.20-r1

9.21-r0

9.21-r1

9.21-r2

9.21-r3

9.22-r0

9.24-r0

9.25-r0

9.25-r1

9.26-r0

9.26-r1

9.26-r2

9.27-r0

9.27-r1

9.27-r2

9.27-r3

9.27-r4

9.50-r0

9.51-r0

9.52-r0

9.53.1-r0

9.53.2-r0

9.53.3-r0

9.54.0-r0

9.54.0-r1

9.55.0-r0

9.56.1-r0

10.*

10.0.0-r0

10.0.0-r1

10.0.0-r2

10.01.0-r0

10.01.0-r1

10.01.1-r0

10.01.1-r1

10.01.2-r0

10.02.0-r0

Alpine:v3.19 / ghostscript

Package

Name: ghostscript
Purl: pkg:apk/alpine/ghostscript?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.03.1-r0

Affected versions

8.*

8.64-r0

8.70-r0

8.71-r0

8.71-r1

8.71-r2

8.71-r3

8.71-r4

9.*

9.00-r0

9.00-r1

9.00-r2

9.04-r0

9.05-r0

9.05-r1

9.06-r0

9.06-r1

9.06-r2

9.06-r3

9.07-r0

9.09-r0

9.09-r1

9.10-r0

9.10-r1

9.15-r0

9.15-r1

9.16-r0

9.16-r1

9.16-r2

9.18-r0

9.19-r0

9.19-r1

9.20-r0

9.20-r1

9.21-r0

9.21-r1

9.21-r2

9.21-r3

9.22-r0

9.24-r0

9.25-r0

9.25-r1

9.26-r0

9.26-r1

9.26-r2

9.27-r0

9.27-r1

9.27-r2

9.27-r3

9.27-r4

9.50-r0

9.51-r0

9.52-r0

9.53.1-r0

9.53.2-r0

9.53.3-r0

9.54.0-r0

9.54.0-r1

9.55.0-r0

9.56.1-r0

10.*

10.0.0-r0

10.0.0-r1

10.0.0-r2

10.01.0-r0

10.01.0-r1

10.01.1-r0

10.01.1-r1

10.01.1-r2

10.01.2-r0

10.02.0-r0

10.02.0-r1

10.02.1-r0

Alpine:v3.20 / ghostscript

Package

Name: ghostscript
Purl: pkg:apk/alpine/ghostscript?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.03.1-r0

Affected versions

8.*

8.64-r0

8.70-r0

8.71-r0

8.71-r1

8.71-r2

8.71-r3

8.71-r4

9.*

9.00-r0

9.00-r1

9.00-r2

9.04-r0

9.05-r0

9.05-r1

9.06-r0

9.06-r1

9.06-r2

9.06-r3

9.07-r0

9.09-r0

9.09-r1

9.10-r0

9.10-r1

9.15-r0

9.15-r1

9.16-r0

9.16-r1

9.16-r2

9.18-r0

9.19-r0

9.19-r1

9.20-r0

9.20-r1

9.21-r0

9.21-r1

9.21-r2

9.21-r3

9.22-r0

9.24-r0

9.25-r0

9.25-r1

9.26-r0

9.26-r1

9.26-r2

9.27-r0

9.27-r1

9.27-r2

9.27-r3

9.27-r4

9.50-r0

9.51-r0

9.52-r0

9.53.1-r0

9.53.2-r0

9.53.3-r0

9.54.0-r0

9.54.0-r1

9.55.0-r0

9.56.1-r0

10.*

10.0.0-r0

10.0.0-r1

10.0.0-r2

10.01.0-r0

10.01.0-r1

10.01.1-r0

10.01.1-r1

10.01.1-r2

10.01.2-r0

10.02.0-r0

10.02.0-r1

10.02.1-r0

Alpine:v3.21 / ghostscript

Package

Name: ghostscript
Purl: pkg:apk/alpine/ghostscript?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.03.1-r0

Affected versions

8.*

8.64-r0

8.70-r0

8.71-r0

8.71-r1

8.71-r2

8.71-r3

8.71-r4

9.*

9.00-r0

9.00-r1

9.00-r2

9.04-r0

9.05-r0

9.05-r1

9.06-r0

9.06-r1

9.06-r2

9.06-r3

9.07-r0

9.09-r0

9.09-r1

9.10-r0

9.10-r1

9.15-r0

9.15-r1

9.16-r0

9.16-r1

9.16-r2

9.18-r0

9.19-r0

9.19-r1

9.20-r0

9.20-r1

9.21-r0

9.21-r1

9.21-r2

9.21-r3

9.22-r0

9.24-r0

9.25-r0

9.25-r1

9.26-r0

9.26-r1

9.26-r2

9.27-r0

9.27-r1

9.27-r2

9.27-r3

9.27-r4

9.50-r0

9.51-r0

9.52-r0

9.53.1-r0

9.53.2-r0

9.53.3-r0

9.54.0-r0

9.54.0-r1

9.55.0-r0

9.56.1-r0

10.*

10.0.0-r0

10.0.0-r1

10.0.0-r2

10.01.0-r0

10.01.0-r1

10.01.1-r0

10.01.1-r1

10.01.1-r2

10.01.2-r0

10.02.0-r0

10.02.0-r1

10.02.1-r0

Alpine:v3.22 / ghostscript

Package

Name: ghostscript
Purl: pkg:apk/alpine/ghostscript?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.03.1-r0

Affected versions

8.*

8.64-r0

8.70-r0

8.71-r0

8.71-r1

8.71-r2

8.71-r3

8.71-r4

9.*

9.00-r0

9.00-r1

9.00-r2

9.04-r0

9.05-r0

9.05-r1

9.06-r0

9.06-r1

9.06-r2

9.06-r3

9.07-r0

9.09-r0

9.09-r1

9.10-r0

9.10-r1

9.15-r0

9.15-r1

9.16-r0

9.16-r1

9.16-r2

9.18-r0

9.19-r0

9.19-r1

9.20-r0

9.20-r1

9.21-r0

9.21-r1

9.21-r2

9.21-r3

9.22-r0

9.24-r0

9.25-r0

9.25-r1

9.26-r0

9.26-r1

9.26-r2

9.27-r0

9.27-r1

9.27-r2

9.27-r3

9.27-r4

9.50-r0

9.51-r0

9.52-r0

9.53.1-r0

9.53.2-r0

9.53.3-r0

9.54.0-r0

9.54.0-r1

9.55.0-r0

9.56.1-r0

10.*

10.0.0-r0

10.0.0-r1

10.0.0-r2

10.01.0-r0

10.01.0-r1

10.01.1-r0

10.01.1-r1

10.01.1-r2

10.01.2-r0

10.02.0-r0

10.02.0-r1

10.02.1-r0