Bug 2295626 (CVE-2024-29506) - CVE-2024-29506 ghostscript: stack-based buffer overflow in the pdfi_apply_filter()
Summary: CVE-2024-29506 ghostscript: stack-based buffer overflow in the pdfi_apply_fil...
Keywords:
Status: NEW
Alias: CVE-2024-29506
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2295697
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-03 18:53 UTC by OSIDB Bzimport
Modified: 2024-07-12 03:34 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Ghostscript. The `PDFDEBUG` flag controls the value of `ctx->args.debug`. In `pdfi_apply_filter`. This issue enables the execution of a `memcpy` into a stack buffer, without bounds checks. A filter name larger than 100 will overflow the `str` buffer, which may lead to an application crash or other unexpected behavior.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2024-07-03 18:53:19 UTC
Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.


Note You need to log in before you can comment on or make changes to this bug.