First published: Wed Jul 03 2024(Updated: )
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Artifex Ghostscript | <10.03.0 | |
debian/ghostscript | <=9.53.3~dfsg-7+deb11u7<=10.0.0~dfsg-11+deb12u4 | 10.0.0~dfsg-11+deb12u5 10.03.1~dfsg-2 |
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=147e5abd63d82c9ec3587c6f67a5d8ec7dc38e61
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d084021e06ba1caa1373fbbcf24a8510f43830ab
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.