Search for vulnerabilities
Vulnerability details: VCID-hkdf-r34h-1fey
Vulnerability ID VCID-hkdf-r34h-1fey
Aliases CVE-2024-29510
Summary Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
Status Published
Exploitability 2.0
Weighted Severity 5.7
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29510.json
epss 0.05603 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.05603 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.06453 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.07278 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.07278 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
epss 0.07278 https://api.first.org/data/v1/epss?cve=CVE-2024-29510
cvssv3.1 6.3 https://bugs.ghostscript.com/show_bug.cgi?id=707662
ssvc Track https://bugs.ghostscript.com/show_bug.cgi?id=707662
cvssv3.1 6.3 https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/
ssvc Track https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.3 https://www.openwall.com/lists/oss-security/2024/07/03/7
ssvc Track https://www.openwall.com/lists/oss-security/2024/07/03/7
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29510.json
https://api.first.org/data/v1/epss?cve=CVE-2024-29510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33871
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.vicarius.io/vsociety/posts/critical-vulnerability-in-ghostscript-cve-2024-29510
2293950 https://bugzilla.redhat.com/show_bug.cgi?id=2293950
7 https://www.openwall.com/lists/oss-security/2024/07/03/7
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
CVE-2024-29510 https://nvd.nist.gov/vuln/detail/CVE-2024-29510
cve-2024-29510-ghostscript-format-string-exploitation https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/
RHSA-2024:6197 https://access.redhat.com/errata/RHSA-2024:6197
RHSA-2024:6466 https://access.redhat.com/errata/RHSA-2024:6466
show_bug.cgi?id=707662 https://bugs.ghostscript.com/show_bug.cgi?id=707662
USN-6835-1 https://usn.ubuntu.com/6835-1/
Data source Metasploit
Description This module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2. Some offsets adjustement will probably be needed to make it work with other versions.
Note 
Stability:
  - crash-safe
SideEffects:
  - artifacts-on-disk
Reliability:
  - repeatable-session
Ransomware campaign use Unknown
Source publication date March 14, 2024
Platform Linux,Unix,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/fileformat/ghostscript_format_string_cve_2024_29510.rb
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29510.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://bugs.ghostscript.com/show_bug.cgi?id=707662
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T13:49:45Z/ Found at https://bugs.ghostscript.com/show_bug.cgi?id=707662
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T13:49:45Z/ Found at https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://www.openwall.com/lists/oss-security/2024/07/03/7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T13:49:45Z/ Found at https://www.openwall.com/lists/oss-security/2024/07/03/7
Exploit Prediction Scoring System (EPSS)
Percentile 0.89953
EPSS Score 0.05603
Published At Aug. 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:28:08.147807+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.21/main.json 37.0.0