CVE-2024-33870
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-33870
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33870.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-33870
- Related
- Published
- 2024-07-03T19:15:03Z
- Modified
- 2025-04-17T11:08:10.564640Z
- Downstream
- Summary
- [none]
- Details
-
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
- References
Affected packages
Alpine:v3.18 / ghostscript
Package
- Name
- ghostscript
- Purl
- pkg:apk/alpine/ghostscript?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.04.0-r0
Affected versions
8.*
8.64-r0
8.70-r0
8.71-r0
8.71-r1
8.71-r2
8.71-r3
8.71-r4
9.*
9.00-r0
9.00-r1
9.00-r2
9.04-r0
9.05-r0
9.05-r1
9.06-r0
9.06-r1
9.06-r2
9.06-r3
9.07-r0
9.09-r0
9.09-r1
9.10-r0
9.10-r1
9.15-r0
9.15-r1
9.16-r0
9.16-r1
9.16-r2
9.18-r0
9.19-r0
9.19-r1
9.20-r0
9.20-r1
9.21-r0
9.21-r1
9.21-r2
9.21-r3
9.22-r0
9.24-r0
9.25-r0
9.25-r1
9.26-r0
9.26-r1
9.26-r2
9.27-r0
9.27-r1
9.27-r2
9.27-r3
9.27-r4
9.50-r0
9.51-r0
9.52-r0
9.53.1-r0
9.53.2-r0
9.53.3-r0
9.54.0-r0
9.54.0-r1
9.55.0-r0
9.56.1-r0
10.*
10.0.0-r0
10.0.0-r1
10.0.0-r2
10.01.0-r0
10.01.0-r1
10.01.1-r0
10.01.1-r1
10.01.2-r0
10.02.0-r0
Alpine:v3.19 / ghostscript
Package
- Name
- ghostscript
- Purl
- pkg:apk/alpine/ghostscript?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.03.1-r0
Affected versions
8.*
8.64-r0
8.70-r0
8.71-r0
8.71-r1
8.71-r2
8.71-r3
8.71-r4
9.*
9.00-r0
9.00-r1
9.00-r2
9.04-r0
9.05-r0
9.05-r1
9.06-r0
9.06-r1
9.06-r2
9.06-r3
9.07-r0
9.09-r0
9.09-r1
9.10-r0
9.10-r1
9.15-r0
9.15-r1
9.16-r0
9.16-r1
9.16-r2
9.18-r0
9.19-r0
9.19-r1
9.20-r0
9.20-r1
9.21-r0
9.21-r1
9.21-r2
9.21-r3
9.22-r0
9.24-r0
9.25-r0
9.25-r1
9.26-r0
9.26-r1
9.26-r2
9.27-r0
9.27-r1
9.27-r2
9.27-r3
9.27-r4
9.50-r0
9.51-r0
9.52-r0
9.53.1-r0
9.53.2-r0
9.53.3-r0
9.54.0-r0
9.54.0-r1
9.55.0-r0
9.56.1-r0
10.*
10.0.0-r0
10.0.0-r1
10.0.0-r2
10.01.0-r0
10.01.0-r1
10.01.1-r0
10.01.1-r1
10.01.1-r2
10.01.2-r0
10.02.0-r0
10.02.0-r1
10.02.1-r0
Alpine:v3.20 / ghostscript
Package
- Name
- ghostscript
- Purl
- pkg:apk/alpine/ghostscript?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.03.1-r0
Affected versions
8.*
8.64-r0
8.70-r0
8.71-r0
8.71-r1
8.71-r2
8.71-r3
8.71-r4
9.*
9.00-r0
9.00-r1
9.00-r2
9.04-r0
9.05-r0
9.05-r1
9.06-r0
9.06-r1
9.06-r2
9.06-r3
9.07-r0
9.09-r0
9.09-r1
9.10-r0
9.10-r1
9.15-r0
9.15-r1
9.16-r0
9.16-r1
9.16-r2
9.18-r0
9.19-r0
9.19-r1
9.20-r0
9.20-r1
9.21-r0
9.21-r1
9.21-r2
9.21-r3
9.22-r0
9.24-r0
9.25-r0
9.25-r1
9.26-r0
9.26-r1
9.26-r2
9.27-r0
9.27-r1
9.27-r2
9.27-r3
9.27-r4
9.50-r0
9.51-r0
9.52-r0
9.53.1-r0
9.53.2-r0
9.53.3-r0
9.54.0-r0
9.54.0-r1
9.55.0-r0
9.56.1-r0
10.*
10.0.0-r0
10.0.0-r1
10.0.0-r2
10.01.0-r0
10.01.0-r1
10.01.1-r0
10.01.1-r1
10.01.1-r2
10.01.2-r0
10.02.0-r0
10.02.0-r1
10.02.1-r0
Alpine:v3.21 / ghostscript
Package
- Name
- ghostscript
- Purl
- pkg:apk/alpine/ghostscript?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.03.1-r0
Affected versions
8.*
8.64-r0
8.70-r0
8.71-r0
8.71-r1
8.71-r2
8.71-r3
8.71-r4
9.*
9.00-r0
9.00-r1
9.00-r2
9.04-r0
9.05-r0
9.05-r1
9.06-r0
9.06-r1
9.06-r2
9.06-r3
9.07-r0
9.09-r0
9.09-r1
9.10-r0
9.10-r1
9.15-r0
9.15-r1
9.16-r0
9.16-r1
9.16-r2
9.18-r0
9.19-r0
9.19-r1
9.20-r0
9.20-r1
9.21-r0
9.21-r1
9.21-r2
9.21-r3
9.22-r0
9.24-r0
9.25-r0
9.25-r1
9.26-r0
9.26-r1
9.26-r2
9.27-r0
9.27-r1
9.27-r2
9.27-r3
9.27-r4
9.50-r0
9.51-r0
9.52-r0
9.53.1-r0
9.53.2-r0
9.53.3-r0
9.54.0-r0
9.54.0-r1
9.55.0-r0
9.56.1-r0
10.*
10.0.0-r0
10.0.0-r1
10.0.0-r2
10.01.0-r0
10.01.0-r1
10.01.1-r0
10.01.1-r1
10.01.1-r2
10.01.2-r0
10.02.0-r0
10.02.0-r1
10.02.1-r0
Debian:11 / ghostscript
Package
- Name
- ghostscript
- Purl
- pkg:deb/debian/ghostscript?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.53.3~dfsg-7+deb11u7
Debian:12 / ghostscript
Package
- Name
- ghostscript
- Purl
- pkg:deb/debian/ghostscript?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.0.0~dfsg-11+deb12u4
Debian:13 / ghostscript
Package
- Name
- ghostscript
- Purl
- pkg:deb/debian/ghostscript?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.03.1~dfsg~git20240518-1
Git / github.com/artifexsoftware/ghostpdl-downloads
Affected ranges
- Type
- GIT
- Repo
- https://github.com/artifexsoftware/ghostpdl-downloads
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
9.*
9.21rc1
9.27
9.27rc1
9.54.0rc1
ghostpdl-9.*
ghostpdl-9.51
ghostpdl-9.51rc2
ghostpdl-9.53.0rc1
ghostpdl-9.53.0rc2
ghostpdl-9.55
Other
gpdf_alpha1
gpdf_alpha2
gpdf_beta1
gs1000
gs1000rc2
gs1001
gs10010
gs10010rc1
gs10010rc2
gs10011
gs10012
gs10020
gs10020rc1
gs10020rc2
gs10021
gs10030
gs10030rc1
gs918
gs919
gs920
gs920rc1
gs921
gs922
gs922rc1
gs922rc2
gs923
gs923rc1
gs924
gs924rc2
gs925
gs925rc1
gs926
gs927
gs928rc1
gs928rc2
gs928rc3
gs928rc4
gs950
gs951
gs951rc3
gs952
gs9530
gs9531
gs9532
gs9533
gs9540
gs9550
gs9550rc1
gs9560
gs9560rc1
gs9560rc2
gs9561
gs10.*
gs10.0.0rc1
gs9.*
gs9.26rc1
gs9.27