2283508 – (CVE-2024-33871) CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library

Bug 2283508 (CVE-2024-33871) - CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library

Summary: CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom D...

Keywords:
Status:	NEW
Alias:	CVE-2024-33871
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2283509
Blocks:	2283510
TreeView+	depends on / blocked

Reported:	2024-05-27 14:40 UTC by Mauro Matteo Cascella
Modified:	2024-10-23 18:27 UTC (History)
CC List:	2 users (show)
Fixed In Version:	ghostscript 10.03.1
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2024:4029	None	None	None	2024-06-20 13:59:33 UTC
Red Hat Product Errata	RHBA-2024:4030	None	None	None	2024-06-20 14:12:06 UTC
Red Hat Product Errata	RHBA-2024:4076	None	None	None	2024-06-25 00:48:40 UTC
Red Hat Product Errata	RHBA-2024:8405	None	None	None	2024-10-23 18:27:38 UTC
Red Hat Product Errata	RHSA-2024:3999	None	None	None	2024-06-20 05:49:52 UTC
Red Hat Product Errata	RHSA-2024:4000	None	None	None	2024-06-20 05:54:29 UTC
Red Hat Product Errata	RHSA-2024:4014	None	None	None	2024-06-20 06:16:02 UTC
Red Hat Product Errata	RHSA-2024:4462	None	None	None	2024-07-10 18:06:49 UTC
Red Hat Product Errata	RHSA-2024:4527	None	None	None	2024-07-15 01:10:53 UTC
Red Hat Product Errata	RHSA-2024:4537	None	None	None	2024-07-15 13:11:20 UTC
Red Hat Product Errata	RHSA-2024:4541	None	None	None	2024-07-15 16:08:12 UTC
Red Hat Product Errata	RHSA-2024:4544	None	None	None	2024-07-15 16:06:33 UTC
Red Hat Product Errata	RHSA-2024:4549	None	None	None	2024-07-15 16:12:36 UTC

Description Mauro Matteo Cascella 2024-05-27 14:40:53 UTC

The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded, potentially leading to arbitrary code execution.

References:
https://bugs.ghostscript.com/show_bug.cgi?id=707754
https://ghostscript.readthedocs.io/en/gs10.03.1/News.html

Upstream patch:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908

Comment 1 Mauro Matteo Cascella 2024-05-27 14:45:32 UTC

Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 2283509]

Comment 4 errata-xmlrpc 2024-06-20 05:49:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:3999 https://access.redhat.com/errata/RHSA-2024:3999

Comment 5 errata-xmlrpc 2024-06-20 05:54:29 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4000 https://access.redhat.com/errata/RHSA-2024:4000

Comment 6 errata-xmlrpc 2024-06-20 06:16:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:4014 https://access.redhat.com/errata/RHSA-2024:4014

Comment 7 Alice Magnet 2024-07-02 07:04:37 UTC Comment hidden (spam)

Ghostscript, a versatile interpreter for PostScript and PDF files, is widely used in various applications and environments to process and convert graphical and text documents. https://fridaynight-funkin.io

Comment 8 errata-xmlrpc 2024-07-10 18:06:47 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4462 https://access.redhat.com/errata/RHSA-2024:4462

Comment 9 errata-xmlrpc 2024-07-15 01:10:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4527 https://access.redhat.com/errata/RHSA-2024:4527

Comment 10 errata-xmlrpc 2024-07-15 13:11:19 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:4537 https://access.redhat.com/errata/RHSA-2024:4537

Comment 11 errata-xmlrpc 2024-07-15 16:06:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:4544 https://access.redhat.com/errata/RHSA-2024:4544

Comment 12 errata-xmlrpc 2024-07-15 16:08:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4541 https://access.redhat.com/errata/RHSA-2024:4541

Comment 13 errata-xmlrpc 2024-07-15 16:12:35 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:4549 https://access.redhat.com/errata/RHSA-2024:4549

Comment 14 truonganna 2024-10-21 09:24:58 UTC Comment hidden (spam)

Wow those are great ideas how did you get them  https://henrystickmin.io unbelievable

Note You need to log in before you can comment on or make changes to this bug.