What is the severity of CVE-2024-29511?

CVE-2024-29511 has been classified as a high severity vulnerability due to its potential for unauthorized file reading and manipulation.

How do I fix CVE-2024-29511?

To mitigate CVE-2024-29511, update to Ghostscript version 10.03.1 or later immediately.

What type of attack does CVE-2024-29511 enable?

CVE-2024-29511 enables an attacker to perform directory traversal attacks, allowing them to read arbitrary files on the system.

Which versions of Ghostscript are affected by CVE-2024-29511?

CVE-2024-29511 affects Ghostscript versions prior to 10.03.1.

Is Tesseract the only component involved in CVE-2024-29511?

Yes, CVE-2024-29511 specifically involves Tesseract as it is used for OCR functionality in Ghostscript.

Vulnerability/
CVE-2024-29511

high

7.5

CWE

489

3/7/2024

28/4/2025

CVE-2024-29511

First published: Wed Jul 03 2024(Updated: )

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/ghostscript	<=9.53.3~dfsg-7+deb11u7<=10.0.0~dfsg-11+deb12u4<=10.0.0~dfsg-11+deb12u5	10.03.1~dfsg-2
Ghostscript	<10.03.1

Remedy

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3d4cfdc1a44b1969a0f14c86673a372654d443c4

Remedy

https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=638159c43dbb48425a187d244ec288d252d0ecf4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-29511?
CVE-2024-29511 has been classified as a high severity vulnerability due to its potential for unauthorized file reading and manipulation.
How do I fix CVE-2024-29511?
To mitigate CVE-2024-29511, update to Ghostscript version 10.03.1 or later immediately.
What type of attack does CVE-2024-29511 enable?
CVE-2024-29511 enables an attacker to perform directory traversal attacks, allowing them to read arbitrary files on the system.
Which versions of Ghostscript are affected by CVE-2024-29511?
CVE-2024-29511 affects Ghostscript versions prior to 10.03.1.
Is Tesseract the only component involved in CVE-2024-29511?
Yes, CVE-2024-29511 specifically involves Tesseract as it is used for OCR functionality in Ghostscript.

agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/remedy
collector/nvd-cve
source/NVD
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/usn-cve
source/Ubuntu
agent/references
agent/softwarecombine
agent/description
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-api
package-manager/debian
vendor/artifex
canonical/ghostscript

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.