Security Advisory

CVE-2024-33871

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-03 00:00:00

Last updated 2024-08-02 02:42:59

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.

← Browse all CVEs View on cve.org ↗