DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-33871

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-33871

CGA ID

CGA-fcj4-4m67-f7hj

Description

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images