{"id":"CVE-2024-29511","details":"Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.","modified":"2026-03-14T12:33:07.406964Z","published":"2024-07-03T19:15:03.430Z","related":["CGA-3h6h-cqx4-v395"],"references":[{"type":"WEB","url":"https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=3d4cfdc1a44"},{"type":"REPORT","url":"https://bugs.ghostscript.com/show_bug.cgi?id=707510"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2024/07/03/7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/artifexsoftware/ghostpdl-downloads","events":[{"introduced":"0"},{"fixed":"865d8905b3fdb3a0fabe3628a67bad634cf88ba9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"10.03.1"}]}}],"versions":["9.21rc1","9.27","9.27rc1","9.54.0rc1","ghostpdl-9.51","ghostpdl-9.51rc2","ghostpdl-9.53.0rc1","ghostpdl-9.53.0rc2","ghostpdl-9.55","gpdf_alpha1","gpdf_alpha2","gpdf_beta1","gs10.0.0rc1","gs1000","gs1000rc2","gs1001","gs10010","gs10010rc1","gs10010rc2","gs10011","gs10012","gs10020","gs10020rc1","gs10020rc2","gs10021","gs10030","gs10030rc1","gs9.26rc1","gs9.27","gs918","gs919","gs920","gs920rc1","gs921","gs922","gs922rc1","gs922rc2","gs923","gs923rc1","gs924","gs924rc2","gs925","gs925rc1","gs926","gs927","gs928rc1","gs928rc2","gs928rc3","gs928rc4","gs950","gs951","gs951rc3","gs952","gs9530","gs9531","gs9532","gs9533","gs9540","gs9550","gs9550rc1","gs9560","gs9560rc1","gs9560rc2","gs9561"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29511.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}