CVE-2024-33870
Description
Path traversal in Ghostscript before 10.03.1 allows arbitrary file access via crafted PostScript if current directory is in permitted paths.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A path traversal vulnerability exists in Artifex Ghostscript prior to version 10.03.1. A crafted PostScript document can present a path such as ../../foo in the form ./../../foo; the permitted-path check accepts the "./"-prefixed form when the current directory is among the permitted paths, although the operating system resolves both spellings to the same location outside that directory. The result is read access to arbitrary files on the system. The vulnerability was fixed in Ghostscript 10.03.1, released on 2024-05-02 [1][2].
Exploitation
An attacker exploits this by getting a specially crafted PostScript document processed by a vulnerable Ghostscript. No authentication is involved, so any pipeline that renders untrusted input (document conversion, thumbnailing, print services) is in scope. The one precondition is that the current working directory is among Ghostscript's permitted paths, for example because a deployment grants it with --permit-file-read=. in SAFER mode. The crafted file then uses a traversal sequence such as ../../foo, written in the "./"-prefixed form the path check does not catch, to reach files outside the intended directory [1].
Impact
Successful exploitation lets the attacker read any file the Ghostscript process itself can read, so the blast radius is set by the account the interpreter runs under: configuration files, credentials, or other data stored on the same filesystem, leading to information disclosure [1][2].
Mitigation
The vulnerability is fixed in Ghostscript version 10.03.1, released on 2024-05-02; update to that version or later. Distributions ship the fix as a backport whose package version stays below 10.03.1 (for example 9.54.0-17.el9_4 on AlmaLinux 9 and 9.52-150000.194.1 on SUSE Linux Enterprise 15, per the affected-products list below), so on a packaged install compare the package release against the distribution's fixed version rather than the upstream number. No vendor workaround is documented, but the precondition stated above points to a configuration-level mitigation for hosts that cannot be patched yet: do not include the current directory in Ghostscript's permitted paths (for instance via --permit-file-read=.), and keep rendering of untrusted input in a sandboxed process whose filesystem view holds nothing sensitive. The issue is not listed in CISA's Known Exploited Vulnerabilities catalog [1][2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Upstream entries (no CPE assigned):
- (no CPE): no version range given
- (no CPE): range <10.03.1

OSV coordinates (37 package entries; the distro qualifier of each purl is shown in parentheses):
- pkg:apk/chainguard/ghostscript: < 10.03.1-r0
- pkg:apk/chainguard/ghostscript-dbg: < 10.03.1-r0
- pkg:apk/chainguard/ghostscript-dev: < 10.03.1-r0
- pkg:apk/chainguard/ghostscript-doc: < 10.03.1-r0
- pkg:apk/wolfi/ghostscript: < 10.03.1-r0
- pkg:apk/wolfi/ghostscript-dbg: < 10.03.1-r0
- pkg:apk/wolfi/ghostscript-dev: < 10.03.1-r0
- pkg:apk/wolfi/ghostscript-doc: < 10.03.1-r0
- pkg:rpm/almalinux/ghostscript: < 9.54.0-17.el9_4
- pkg:rpm/almalinux/ghostscript-doc: < 9.54.0-17.el9_4
- pkg:rpm/almalinux/ghostscript-tools-dvipdf: < 9.54.0-17.el9_4
- pkg:rpm/almalinux/ghostscript-tools-fonts: < 9.54.0-17.el9_4
- pkg:rpm/almalinux/ghostscript-tools-printing: < 9.54.0-17.el9_4
- pkg:rpm/almalinux/ghostscript-x11: < 9.54.0-17.el9_4
- pkg:rpm/almalinux/libgs: < 9.54.0-17.el9_4
- pkg:rpm/almalinux/libgs-devel: < 9.54.0-17.el9_4
- pkg:rpm/opensuse/ghostscript (openSUSE Leap 15.5): < 9.52-150000.194.1
- pkg:rpm/opensuse/ghostscript (openSUSE Leap 15.6): < 9.52-150000.194.1
- pkg:rpm/opensuse/ghostscript (openSUSE Tumbleweed): < 10.03.1-1.1
- pkg:rpm/suse/ghostscript (SUSE Enterprise Storage 7.1): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise Module for Basesystem 15 SP5): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise Module for Basesystem 15 SP6): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise Server 12 SP5): < 9.52-23.80.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise Server 15 SP2-LTSS): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise Server 15 SP3-LTSS): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise Server 15 SP4-LTSS): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise Server for SAP Applications 12 SP5): < 9.52-23.80.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise Server for SAP Applications 15 SP2): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise Server for SAP Applications 15 SP3): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise Server for SAP Applications 15 SP4): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Linux Enterprise Software Development Kit 12 SP5): < 9.52-23.80.1
- pkg:rpm/suse/ghostscript (SUSE Manager Proxy 4.3): < 9.52-150000.194.1
- pkg:rpm/suse/ghostscript (SUSE Manager Server 4.3): < 9.52-150000.194.1
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"A path traversal vulnerability exists in Ghostscript when processing PostScript documents."
Attack vector
An attacker crafts a PostScript document whose file operation names a path with a "./" prefix in front of the traversal components (./../..). Because the current directory is in the permitted paths, the path check accepts the path on the strength of that prefix, while the operating system resolves the ".." components and opens a file outside the permitted tree. The fault is that the permitted-path check resolves the path differently from the filesystem, so traversal beyond the intended boundary is not detected [1].
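The mechanism described in the Vulnerability paragraph and in this Attack vector subsection, as an added illustration written for this page (it is not Ghostscript's own path-validation code): a naive permit check over a constructed permit list that contains "." (the current directory), beside a hardened check that canonicalizes the path before consulting the list. It goes beyond the page's "./"-prefix case in that the hardened check also catches traversal embedded after a legitimate first segment ("job/../../../etc/passwd"). The working directory /srv/convert/work, the permit list and the sample paths are assumptions made for the example.

```c
/* Added illustration for this page, not Ghostscript's own path-validation code:
 * a minimal model of a permitted-path check with the weakness described above,
 * beside a hardened version. CWD and PERMITTED are constructed for the example. */
#include <stdio.h>
#include <string.h>

#define MAX_PATH_LEN 512
#define MAX_SEGS 64

static const char *CWD = "/srv/convert/work";                 /* hypothetical */
static const char *PERMITTED[] = { ".", "/usr/share/fonts" };  /* hypothetical */
#define N_PERMITTED ((int)(sizeof PERMITTED / sizeof PERMITTED[0]))

/* Weak check. "." admits any relative path that does not begin with "../",
 * so "../../etc/passwd" is refused but "./../../etc/passwd" is accepted. */
int naive_allows(const char *path)
{
    for (int i = 0; i < N_PERMITTED; i++) {
        const char *p = PERMITTED[i];
        size_t n = strlen(p);
        if (strcmp(p, ".") == 0 ? (path[0] != '/' && strncmp(path, "../", 3) != 0)
                                : (strncmp(path, p, n) == 0 && path[n] == '/'))
            return 1;
    }
    return 0;
}

/* Lexically resolve `path` against `cwd`: "." is dropped, ".." pops the previous
 * segment, and a ".." above "/" is refused. 0 on success (result in `out`), -1 on error. */
static int canonicalize(const char *cwd, const char *path, char *out, size_t outsz)
{
    char buf[MAX_PATH_LEN];
    const char *segs[MAX_SEGS];
    int depth = 0;
    int n = path[0] == '/' ? snprintf(buf, sizeof buf, "%s", path)
                           : snprintf(buf, sizeof buf, "%s/%s", cwd, path);
    if (n < 0 || (size_t)n >= sizeof buf)
        return -1;                                  /* refuse rather than truncate */

    for (char *s = buf; *s; ) {
        while (*s == '/') s++;                      /* skip separators */
        if (!*s) break;
        char *seg = s;
        while (*s && *s != '/') s++;
        if (*s) *s++ = '\0';                        /* terminate segment in place */
        if (strcmp(seg, ".") == 0) continue;
        if (strcmp(seg, "..") == 0) {
            if (depth == 0) return -1;              /* would escape "/" */
            depth--;
            continue;
        }
        if (depth == MAX_SEGS) return -1;
        segs[depth++] = seg;
    }
    if (depth == 0) {
        if (outsz < 2) return -1;
        strcpy(out, "/");
        return 0;
    }
    size_t used = 0;
    for (int i = 0; i < depth; i++) {
        n = snprintf(out + used, outsz - used, "/%s", segs[i]);
        if (n < 0 || (size_t)n >= outsz - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

/* Hardened check: compare canonical forms, so the "./" prefix and any embedded
 * ".." are resolved before the permit list is consulted. */
int hardened_allows(const char *path)
{
    char canon[MAX_PATH_LEN], allowed[MAX_PATH_LEN];
    if (canonicalize(CWD, path, canon, sizeof canon) != 0)
        return 0;
    for (int i = 0; i < N_PERMITTED; i++) {
        if (canonicalize(CWD, PERMITTED[i], allowed, sizeof allowed) != 0)
            continue;
        size_t n = strlen(allowed);
        if (strcmp(allowed, "/") == 0)
            return 1;                               /* permitting "/" permits all */
        if (strncmp(canon, allowed, n) == 0 && (canon[n] == '\0' || canon[n] == '/'))
            return 1;
    }
    return 0;
}

/* Exposes the canonical form for inspection: 1 if `path` resolves to `expected`. */
int canon_equals(const char *path, const char *expected)
{
    char out[MAX_PATH_LEN];
    return canonicalize(CWD, path, out, sizeof out) == 0 && strcmp(out, expected) == 0;
}

int main(void)
{
    const char *samples[] = { "job/input.ps", "../../etc/passwd", "./../../etc/passwd",
                              "job/../../../etc/passwd", "/usr/share/fontsX/a.ttf" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s naive=%s hardened=%s\n", samples[i],
               naive_allows(samples[i]) ? "allow" : "deny",
               hardened_allows(samples[i]) ? "allow" : "deny");
    return 0;
}
```

The design point is the order of operations: the permit decision must be made on the same resolved form the operating system will open, which means normalising "." and ".." (and refusing anything that climbs past the root) before any prefix comparison. A check that pattern-matches the raw string, as the naive version does, can always be fed a spelling it does not recognise.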
Affected code
The code described here is the handling of the "Driver" parameter of the "opvp"/"oprp" devices in `contrib/opvp/gdevopvp.c`, where checks were added so that the parameter cannot be changed once path control has been activated [1]. That change governs which driver library name the device will accept; it does not touch the permitted-path resolution that this CVE's description and attack vector concern, and this page lists no patch for the CVE, so the attribution of this code to CVE-2024-33870 is unconfirmed.
What the fix does
The described patch blocks modification of the "Driver" parameter for the "opvp"/"oprp" devices after path control has been activated, so a document cannot redirect the device to a driver library of its choosing [1]. That is a device-level hardening against loading an untrusted driver; it does not change how Ghostscript resolves "./../.." against the permitted paths, so it is not by itself the remedy for the traversal described above. The remedy is the 10.03.1 release, which the description records as containing the fix [1][2].
Preconditions
- input: The attacker must get a specially crafted PostScript document processed by Ghostscript.
- config: The current directory must be among the paths Ghostscript permits file access to.
Generated on Jun 7, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions: No linked articles in our index yet.