Artifex Product Security Update Announcement (CVE-2024-29510, CVE-2024-29511)

Overview

An update has been made available to fix vulnerabilities in Artifex products. Users of affected versions are advised to update to the latest version.

Affected Products

Artifex Ghostscript versions: earlier than 10.03.1 (10.03.1 itself is not affected)

Resolved Vulnerabilities

Memory corruption via format string injection using a uniprint device, allowing sandbox bypass (CVE-2024-29510)

Directory traversal vulnerability allowing arbitrary file reads (and writing error messages to arbitrary files) via OCRLanguage when using Tesseract for OCR (CVE-2024-29511)

Vulnerability Patches

Artifex Ghostscript Version: 10.03.1
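
To check a host against the fixed version above, the following added example (not part of the original advisory and not Artifex code) compares a Ghostscript version string with 10.03.1. The function names are this example's own, and it assumes `gs --version` prints only the version number.

```shell
# Added example, not from the advisory: flag Ghostscript builds older than
# 10.03.1, the fixed release for CVE-2024-29510 and CVE-2024-29511.
FIXED_VERSION="10.03.1"

# Print one version field as a plain number ("03" -> 3, "" -> 0).
# Fails if the field contains anything other than digits.
ver_field() {
    case "$1" in
        '') echo 0; return 0 ;;
        *[!0-9]*) return 1 ;;
    esac
    # Strip leading zeros so "08" is never read as octal.
    f=$(printf '%s' "$1" | sed 's/^0*//')
    echo "${f:-0}"
}

# gs_is_affected VERSION (function name is this example's own)
#   returns 0: VERSION is older than FIXED_VERSION
#   returns 1: VERSION is FIXED_VERSION or newer
#   returns 2: VERSION is not a dotted numeric string
gs_is_affected() {
    have=$1
    want=$FIXED_VERSION
    case "$have" in ''|.*|*[!0-9.]*) return 2 ;; esac
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=$(ver_field "${have%%.*}") || return 2
        w=$(ver_field "${want%%.*}") || return 2
        [ "$h" -lt "$w" ] && return 0
        [ "$h" -gt "$w" ] && return 1
        # Drop the field just compared; a missing field counts as 0.
        case "$have" in *.*) have=${have#*.} ;; *) have='' ;; esac
        case "$want" in *.*) want=${want#*.} ;; *) want='' ;; esac
    done
    return 1
}

# Check the gs binary on PATH (assumes `gs --version` prints only the version).
check_installed_gs() {
    command -v gs >/dev/null 2>&1 || { echo "gs not found on PATH"; return 3; }
    ver=$(gs --version 2>/dev/null)
    rc=0; gs_is_affected "$ver" || rc=$?
    case $rc in
        0) echo "Ghostscript $ver is older than $FIXED_VERSION: update" ;;
        1) echo "Ghostscript $ver is at or above $FIXED_VERSION" ;;
        *) echo "Could not parse version string: $ver" ;;
    esac
    return $rc
}
if [ "${1:-}" = "--check" ]; then check_installed_gs; fi
```

Distribution packages can carry backported fixes under an older upstream version number, so confirm a match against the package vendor's own advisory.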


Referenced Sites

[1] CVE-2024-29510 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-29510

[2] CVE-2024-29510 – Exploiting Ghostscript using format strings

https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/

[3] CVE-2024-29511 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-29511