Report
CVE-2024-29510: Ghostscript uniprint format-string via PostScript params
4ccdb9a7-3168-4d12-a498-6a9e3dd006d2
Ghostscript ghostpdl <= 10.03.0 uniprint device (devices/gdevupd.c) treats attacker-controlled PostScript string parameters as printf format strings, giving arbitrary read/write and SAFER-sandbox bypass. Triggered through normal setpagedevice; no -dNOSAFER required because parameter setting is permitted in default policy.