CVE-2024-33871
- Source
- https://cve.org/CVERecord?id=CVE-2024-33871
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-33871.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-33871
- Downstream
- Related
- Published
- 2024-07-03T00:00:00Z
- Modified
- 2026-05-18T05:58:51.557519887Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/33xxx/CVE-2024-33871.json", "unresolved_ranges": [ { "source": "DESCRIPTION", "extracted_events": [ { "fixed": "10.03.1" } ] } ], "cna_assigner": "mitre" }- References
-
- https://bugs.ghostscript.com/show_bug.cgi?id=707754
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908
- https://www.openwall.com/lists/oss-security/2024/06/28/2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/33xxx/CVE-2024-33871.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-33871
Affected packages
Git / github.com/artifexsoftware/ghostpdl-downloads
Affected ranges
- Type
- GIT
- Repo
- https://github.com/artifexsoftware/ghostpdl-downloads
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "cpe": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "fixed": "10.03.1" } ] }
Affected versions
9.*
9.21rc1
9.27
9.27rc1
9.54.0rc1
ghostpdl-9.*
ghostpdl-9.51
ghostpdl-9.51rc2
ghostpdl-9.53.0rc1
ghostpdl-9.53.0rc2
ghostpdl-9.55
Other
gpdf_alpha1
gpdf_alpha2
gpdf_beta1
gs1000
gs1000rc2
gs1001
gs10010
gs10010rc1
gs10010rc2
gs10011
gs10012
gs10020
gs10020rc1
gs10020rc2
gs10021
gs10030
gs10030rc1
gs918
gs919
gs920
gs920rc1
gs921
gs922
gs922rc1
gs922rc2
gs923
gs923rc1
gs924
gs924rc2
gs925
gs925rc1
gs926
gs927
gs928rc1
gs928rc2
gs928rc3
gs928rc4
gs950
gs951
gs951rc3
gs952
gs9530
gs9531
gs9532
gs9533
gs9540
gs9550
gs9550rc1
gs9560
gs9560rc1
gs9560rc2
gs9561
gs10.*
gs10.0.0rc1
gs9.*
gs9.26rc1
gs9.27