{"id":"CVE-2024-33871","details":"An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.","modified":"2026-03-14T12:33:30.044411Z","published":"2024-07-03T19:15:03.943Z","related":["ALSA-2024:3999","ALSA-2024:4000","CGA-jp64-m4cc-467m","MGASA-2024-0192","SUSE-SU-2024:2198-1","SUSE-SU-2024:2199-1","openSUSE-SU-2024:14090-1"],"references":[{"type":"REPORT","url":"https://bugs.ghostscript.com/show_bug.cgi?id=707754"},{"type":"FIX","url":"https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2024/06/28/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/artifexsoftware/ghostpdl-downloads","events":[{"introduced":"0"},{"fixed":"865d8905b3fdb3a0fabe3628a67bad634cf88ba9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"10.03.1"}]}}],"versions":["9.21rc1","9.27","9.27rc1","9.54.0rc1","ghostpdl-9.51","ghostpdl-9.51rc2","ghostpdl-9.53.0rc1","ghostpdl-9.53.0rc2","ghostpdl-9.55","gpdf_alpha1","gpdf_alpha2","gpdf_beta1","gs10.0.0rc1","gs1000","gs1000rc2","gs1001","gs10010","gs10010rc1","gs10010rc2","gs10011","gs10012","gs10020","gs10020rc1","gs10020rc2","gs10021","gs10030","gs10030rc1","gs9.26rc1","gs9.27","gs918","gs919","gs920","gs920rc1","gs921","gs922","gs922rc1","gs922rc2","gs923","gs923rc1","gs924","gs924rc2","gs925","gs925rc1","gs926","gs927","gs928rc1","gs928rc2","gs928rc3","gs928rc4","gs950","gs951","gs951rc3","gs952","gs9530","gs9531","gs9532","gs9533","gs9540","gs9550","gs9550rc1","gs9560","gs9560rc1","gs9560rc2","gs9561"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33871.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}