First published: Wed Jul 03 2024
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/ghostscript | <=9.53.3~dfsg-7+deb11u7, <=10.0.0~dfsg-11+deb12u4, <=10.0.0~dfsg-11+deb12u5 | 10.03.1~dfsg-2 |
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=638159c43dbb48425a187d244ec288d252d0ecf4