Report
Ghostscript CVE-2024-29510: uniprint device format-string injection (gdevupd.c)
f92a5beb-070f-4c16-ab1d-f9a89886997b
Ghostscript <= 10.03.0's 'uniprint' device (devices/gdevupd.c) accepts the user-controlled PostScript device parameters 'upWriteComponentCommands' (SA_WRITECOMP) and 'upYMoveCommand' (S_YMOVE) via param_read_string/param_read_string_array, then passes their raw bytes as the format-string argument to gp_fprintf and gs_snprintf in the page-writer paths (gdevupd.c lines ~7021, 7028, 7049, 7053). An attacker who supplies a malicious PostScript or PDF document that sets these parameters with setpagedevice can therefore embed %s/%x/%n directives in them, achieving arbitrary memory read/write and a SAFER sandbox bypass / RCE.
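As an added illustration (not Ghostscript's code and not the upstream fix), the C below shows the mitigation a device writer would want here: a device parameter string is validated before it is ever passed as a format argument, so only the integer conversion the command template legitimately needs can reach the *printf call. The 'upd_' names, the "at most one %d" policy and the sample templates are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Illustrative code, not Ghostscript's: the function names and the policy
 * "at most N %d conversions" are assumptions for this example. The point is
 * that a device parameter string must be validated before it is ever used
 * as a format argument to a *printf-style call. */

/* Accept only "%%" and "%[width]d" in a command template; reject %s, %x,
 * %n, any other conversion, a trailing lone '%', and more than max_conv
 * integer conversions (the caller passes exactly that many arguments). */
bool upd_format_is_safe(const char *cmd, size_t max_conv)
{
    size_t conv = 0;
    for (const char *p = cmd; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                      /* escaped percent: literal '%' */
            continue;
        while (*p >= '0' && *p <= '9')      /* optional field width */
            p++;
        if (*p != 'd')                      /* anything else is rejected */
            return false;
        if (++conv > max_conv)              /* more %d than arguments supplied */
            return false;
    }
    return true;
}

/* Vulnerable pattern from the report: the raw parameter bytes are the format.
 * Hardened form: the template is validated first and, if rejected, never
 * reaches snprintf. Returns -1 on rejection, else the formatted length. */
int upd_write_ymove(char *out, size_t n, const char *user_cmd, int y)
{
    if (!upd_format_is_safe(user_cmd, 1))
        return -1;
    return snprintf(out, n, user_cmd, y);   /* at most one %d, one argument */
}
char upd_out[64];                           /* scratch output buffer */

int main(void)
{
    const char *ok = "\033*p%dY";           /* constructed sample template */
    const char *bad = "%x%x%n";             /* constructed hostile template */
    printf("ok:  %d\n", upd_write_ymove(upd_out, sizeof upd_out, ok, 42));
    printf("bad: %d\n", upd_write_ymove(upd_out, sizeof upd_out, bad, 42));
    return 0;
}
```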