- Vulnerability/
- USN-6897-1
USN-6897-1: Ghostscript vulnerabilities
First published: Mon Jul 15 2024(Updated: )
It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-29506) It was discovered that Ghostscript incorrectly handled certain API parameters. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-29507) It was discovered that Ghostscript incorrectly handled certain BaseFont names. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-29508) It was discovered that Ghostscript incorrectly handled certain PDF passwords that contained NULL bytes. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-29509) It was discovered that Ghostscript incorrectly handled certain certain file paths when doing OCR. An attacker could use this issue to read arbitrary files and write error messages to arbitrary files. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-29511)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/ghostscript | <10.02.1~dfsg1-0ubuntu7.3 | 10.02.1~dfsg1-0ubuntu7.3 |
| Ubuntu Ubuntu | =24.04 | |
| All of | ||
| ubuntu/libgs10 | <10.02.1~dfsg1-0ubuntu7.3 | 10.02.1~dfsg1-0ubuntu7.3 |
| Ubuntu Ubuntu | =24.04 | |
| All of | ||
| ubuntu/ghostscript | <9.55.0~dfsg1-0ubuntu5.9 | 9.55.0~dfsg1-0ubuntu5.9 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libgs9 | <9.55.0~dfsg1-0ubuntu5.9 | 9.55.0~dfsg1-0ubuntu5.9 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/ghostscript | <9.50~dfsg-5ubuntu4.13 | 9.50~dfsg-5ubuntu4.13 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/libgs9 | <9.50~dfsg-5ubuntu4.13 | 9.50~dfsg-5ubuntu4.13 |
| Ubuntu Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2024-29508
- https://ubuntu.com/security/CVE-2024-29507
- https://ubuntu.com/security/CVE-2024-29511
- https://ubuntu.com/security/CVE-2024-29509
- https://ubuntu.com/security/CVE-2024-29506
- https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.3
- https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.9
- https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.13
- https://ubuntu.com/security/notices/USN-6897-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/severity
- agent/title
- agent/softwarecombine
- agent/description
- agent/type
- agent/tags
- agent/event
- agent/first-publish-date
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/24.04
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04