CVE-2024-29510

MEDIUM EXPLOITED

Ghostscript Command Execution via Format String

Title source: metasploit

Exploitation Summary

CVE-2024-29510 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including swsmith2391, Thomas Rinsma and Christophe De La Fuente, among them the Metasploit module exploits/multi/fileformat/ghostscript_format_string_cve_2024_29510.

Description

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

Exploits (2)

nomisec · WORKING POC · 1 star
by swsmith2391 · poc
https://github.com/swsmith2391/CVE-2024-29510

This repository contains a working PoC for CVE-2024-29510, a Ghostscript format string vulnerability. It includes a Flask-based vulnerable application (VulnApp) and a stager script to exploit the vulnerability, resulting in a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Ghostscript 10.01.2
No auth needed
Prerequisites: Ghostscript 10.01.2 installed on the target system · Network access to the target system · Ability to host a malicious EPS file and a reverse shell payload
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
by Thomas Rinsma, Christophe De La Fuente · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/fileformat/ghostscript_format_string_cve_2024_29510.rb

This Metasploit module exploits a format string vulnerability in Ghostscript (CVE-2024-29510) to bypass the SAFER sandbox and execute arbitrary commands. It generates a malicious EPS file that triggers the vulnerability when processed by Ghostscript or ImageMagick.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Ghostscript versions before 10.03.1 (specifically 10.03.0 and 10.01.2)
No auth needed
Prerequisites: Target system with vulnerable Ghostscript version · Ability to deliver malicious EPS file to target
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 6.3
EPSS: 0.2797
EPSS Percentile: 97.8%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

VulnCheck KEV: 2024-07-03
CWE: CWE-693
Status: published
Products (1): artifex/ghostscript < 10.03.1
Published: Jul 03, 2024
Tracked Since: Feb 18, 2026