CVE-2024-33869

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "10.03.1"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/33xxx/CVE-2024-33869.json",
    "cna_assigner": "mitre"
}

References

Affected packages

Git / github.com/artifexsoftware/ghostpdl-downloads

Affected ranges

Type

GIT

Repo

https://github.com/artifexsoftware/ghostpdl-downloads

Events

Introduced

Fixed

865d8905b3fdb3a0fabe3628a67bad634cf88ba9

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "10.03.1"
        }
    ],
    "cpe": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*"
}

Affected versions

9.*

9.21rc1

9.27

9.27rc1

9.54.0rc1

ghostpdl-9.*

ghostpdl-9.51

ghostpdl-9.51rc2

ghostpdl-9.53.0rc1

ghostpdl-9.53.0rc2

ghostpdl-9.55

Other

gpdf_alpha1

gpdf_alpha2

gpdf_beta1

gs1000

gs1000rc2

gs1001

gs10010

gs10010rc1

gs10010rc2

gs10011

gs10012

gs10020

gs10020rc1

gs10020rc2

gs10021

gs10030

gs10030rc1

gs918

gs919

gs920

gs920rc1

gs921

gs922

gs922rc1

gs922rc2

gs923

gs923rc1

gs924

gs924rc2

gs925

gs925rc1

gs926

gs927

gs928rc1

gs928rc2

gs928rc3

gs928rc4

gs950

gs951

gs951rc3

gs952

gs9530

gs9531

gs9532

gs9533

gs9540

gs9550

gs9550rc1

gs9560

gs9560rc1

gs9560rc2

gs9561

gs10.*

gs10.0.0rc1

gs9.*

gs9.26rc1

gs9.27

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-33869.json"