CVE-2024-29511

Published: March 7, 2024

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

HIGH
CVSS v3: 7.5

Status

DocFilters Release	Package	State	Justification	Comment
25.1	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
24.4	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
24.4.0	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
24.3	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
24.2.1	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
24.2	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
24.1	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
23.3	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
23.2.1	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
23.2	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
23.1	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
22.4	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
22.3	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
22.2	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
22.1	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
21.11.1	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
21.11	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
21.8.1	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
21.8	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
21.5.1	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
21.5.0	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
21.2.0	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.20	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.19.3667	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.18.3599	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.17	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.16.3445	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.15.3368	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.14.3263	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.13.3179	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.12.3054	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.11.3040	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.11.2990	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.10.2934	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.9.2878	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software
11.4.8.2822	tesseract (3.02.02)	Not Affected	Code Not Present	Document Filter does not use Artifex Ghostscript software

Severity score breakdown

Attack Complexity

LOW

Attack Vector

NETWORK

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH

Confidentiality Impact

HIGH

Integrity Impact

NONE

Privileges Required

NONE

Scope

UNCHANGED

User Interaction

NONE

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Version

3.1

References

NVD
MITRE