{"id":"CVE-2024-29510","details":"Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.","modified":"2026-03-20T12:35:41.827122Z","published":"2024-07-03T19:15:03.320Z","related":["ALSA-2024:6197","CGA-29rv-3qv7-r6vm","MGASA-2024-0192","SUSE-SU-2024:2276-1","SUSE-SU-2024:2292-1","openSUSE-SU-2024:14090-1"],"references":[{"type":"REPORT","url":"https://bugs.ghostscript.com/show_bug.cgi?id=707662"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2024/07/03/7"},{"type":"EVIDENCE","url":"https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/"},{"type":"EVIDENCE","url":"https://www.vicarius.io/vsociety/posts/critical-vulnerability-in-ghostscript-cve-2024-29510"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/artifexsoftware/ghostpdl-downloads","events":[{"introduced":"0"},{"fixed":"865d8905b3fdb3a0fabe3628a67bad634cf88ba9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"10.03.1"}]}}],"versions":["9.21rc1","9.27","9.27rc1","9.54.0rc1","ghostpdl-9.51","ghostpdl-9.51rc2","ghostpdl-9.53.0rc1","ghostpdl-9.53.0rc2","ghostpdl-9.55","gpdf_alpha1","gpdf_alpha2","gpdf_beta1","gs10.0.0rc1","gs1000","gs1000rc2","gs1001","gs10010","gs10010rc1","gs10010rc2","gs10011","gs10012","gs10020","gs10020rc1","gs10020rc2","gs10021","gs10030","gs10030rc1","gs9.26rc1","gs9.27","gs918","gs919","gs920","gs920rc1","gs921","gs922","gs922rc1","gs922rc2","gs923","gs923rc1","gs924","gs924rc2","gs925","gs925rc1","gs926","gs927","gs928rc1","gs928rc2","gs928rc3","gs928rc4","gs950","gs951","gs951rc3","gs952","gs9530","gs9531","gs9532","gs9533","gs9540","gs9550","gs9550rc1","gs9560","gs9560rc1","gs9560rc2","gs9561"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-29510.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}]}