CVE-2024-29510

MEDIUM EXPLOITED

Ghostscript Command Execution via Format String

Title source: metasploit

Description

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

Exploits (2)

nomisec WORKING POC 1 stars
by swsmith2391 · poc
https://github.com/swsmith2391/CVE-2024-29510
metasploit WORKING POC EXCELLENT
by Thomas Rinsma, Christophe De La Fuente · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/fileformat/ghostscript_format_string_cve_2024_29510.rb

Scores

CVSS v3 6.3
EPSS 0.0823
EPSS Percentile 92.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Details

VulnCheck KEV 2024-07-03
CWE CWE-693
Status published
Products (1)
artifex/ghostscript < 10.03.1
Published Jul 03, 2024
Tracked Since Feb 18, 2026