
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2024-29510 affects Artifex Ghostscript versions before 10.03.1. Discovered in March 2024, it is a format string injection in the uniprint device that allows memory corruption and a SAFER sandbox bypass (Ghostscript Bug, NVD).
The vulnerability lies in how the uniprint device handles the string parameters upWriteComponentCommands and upYMoveCommand, which are passed as format strings to the gp_fprintf and gs_snprintf functions. The implementation does not validate these values, so arbitrary format strings with multiple specifiers can be supplied. The format string parsing logic in gs_snprintf is not hardened by compiler measures such as -D_FORTIFY_SOURCE and supports the %n specifier, making it particularly vulnerable to exploitation (OSS Security).
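The kind of validation that is missing here, shown as an added example (not Ghostscript code, and not the upstream fix, which locks these parameters once SAFER is enabled): a check that accepts a caller-supplied template only if it contains exactly one integer conversion and no %n. The function name fmt_is_single_int and the sample templates are hypothetical.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns true only if `fmt` is safe to pass to a
 * printf-style function together with exactly ONE int argument.
 * Allowed: literal text, "%%", and one %[flags][width][.prec]{d,i,u,x,X,o}.
 * Rejected: %n, %s, '*' width/precision, length modifiers, extra specifiers. */
bool fmt_is_single_int(const char *fmt)
{
    int conversions = 0;

    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;                      /* ordinary literal byte */
        p++;
        if (*p == '%')
            continue;                      /* "%%" prints a literal '%' */

        while (*p != '\0' && strchr("-+ #0", *p))
            p++;                           /* flags */
        while (isdigit((unsigned char)*p))
            p++;                           /* fixed width; '*' is not accepted */
        if (*p == '.') {
            p++;
            while (isdigit((unsigned char)*p))
                p++;                       /* fixed precision */
        }
        /* The next byte must be an int conversion. This rejects %n, %s, %p,
         * length modifiers (h, l, ...), '*', and a truncated trailing '%'. */
        if (*p == '\0' || strchr("diuxXo", *p) == NULL)
            return false;
        if (++conversions > 1)
            return false;                  /* would read beyond the one argument */
    }
    return conversions == 1;
}

int main(void)
{
    /* Constructed sample templates, not taken from any real device config. */
    const char *samples[] = { "y=%d;", "100%% y=%04d", "%d%d", "%d%n",
                              "%s", "%*d", "plain", "%" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %s\n", samples[i],
               fmt_is_single_int(samples[i]) ? "accept" : "reject");
    return 0;
}
```

An allow-list of conversions is used rather than a deny-list of %n, so any specifier the parser does not explicitly expect is refused.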
This vulnerability can be exploited to leak data from the stack and perform memory corruption. The issue is particularly impactful for web applications and services offering document conversion and preview functionalities that use Ghostscript under the hood, either directly or through tools like ImageMagick and LibreOffice (Codean Labs).
The vulnerability has been fixed in Ghostscript version 10.03.1. Users are advised to upgrade to this version or later. The fix prevents PostScript code from altering these parameters after SAFER is enabled, limiting them to command-line configuration only (Ghostscript Bug).
Source: This report was generated using AI