CVE-2024-29511: 
Ghostscript vulnerability analysis and mitigation

Artifex Ghostscript before version 10.03.1 contains a directory traversal vulnerability (CVE-2024-29511) when Tesseract is used for OCR functionality. The vulnerability was discovered and reported in January 2024, with fixes released in March 2024. The issue affects Ghostscript installations that are compiled with Tesseract OCR support (Debian Tracker, NVD).

The vulnerability exists in the OCR functionality when using the OCRLanguage parameter. Through directory traversal, an attacker can force Tesseract to load arbitrary data files by manipulating paths. The vulnerability allows exploitation through Tesseract configuration values, specifically 'userpatternsfile' and 'debug_file' parameters. The issue has been assigned a CVSS v3.1 base score of 7.5 (High) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (Openwall, NVD).

The vulnerability allows unauthorized file reading and writing of error messages to arbitrary files on the system. While the writing capability is limited to error messages with specific formatting (each line starts with 'Error: failed to insert pattern'), the file reading capability is unrestricted. This can lead to exposure of sensitive system files, such as /etc/passwd, outside of the SAFER sandbox (Openwall).

The vulnerability has been fixed in Ghostscript version 10.03.1. Users are advised to upgrade to this version or later. For systems where immediate upgrade is not possible, one mitigation approach is to ensure Ghostscript is not compiled with Tesseract support, as the vulnerability specifically requires this functionality (Debian Tracker, ASEC).