CVE-2024-33870

6.3 MEDIUM

📋 TL;DR

This vulnerability in Ghostscript allows path traversal attacks via crafted PostScript documents, enabling unauthorized file access when the current directory is in permitted paths. It affects systems using vulnerable Ghostscript versions for document processing, particularly those handling untrusted PostScript files.

💻 Affected Systems

Products:
  • Artifex Ghostscript
Versions: All versions before 10.03.1
Operating Systems: All platforms running Ghostscript
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires processing of crafted PostScript documents and current directory being in permitted paths.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive system files, potentially leading to information disclosure, privilege escalation, or further exploitation.

🟠 Likely Case

Unauthorized access to files within permitted directories, potentially exposing configuration files, credentials, or other sensitive data.

🟢 If Mitigated

Limited impact with proper file permissions and restricted permitted paths, potentially only accessing non-sensitive files.

🌐 Internet-Facing: MEDIUM - Exploitable if Ghostscript processes untrusted PostScript files from external sources, but requires specific conditions.
🏢 Internal Only: LOW - Typically requires local access or specific workflows involving untrusted PostScript files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting a malicious PostScript document and having it processed by vulnerable Ghostscript with appropriate directory permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.03.1

Vendor Advisory: https://bugs.ghostscript.com/show_bug.cgi?id=707686

Restart Required: No

Instructions:

1. Download Ghostscript 10.03.1 or later from official sources.
2. Replace existing Ghostscript installation with patched version.
3. Verify installation with 'gs --version'.

🔧 Temporary Workarounds

Restrict Permitted Paths

Platforms: all

Limit Ghostscript's permitted paths to prevent traversal outside intended directories.

Run Ghostscript with -dSAFER and restricted -I paths.

Disable PostScript Processing

Platforms: all

Prevent processing of PostScript files if not required for workflow.

Remove or disable Ghostscript PostScript handlers in applications.

🧯 If You Can't Patch

  • Implement strict input validation to reject PostScript files with path traversal sequences.
  • Run Ghostscript in sandboxed environments with minimal file system access.

🔍 How to Verify

Check if Vulnerable:

Check Ghostscript version with 'gs --version' and compare to 10.03.1.

Check Version:

gs --version

Verify Fix Applied:

Confirm version is 10.03.1 or later with 'gs --version' and test with known safe PostScript files.
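
The version comparison above can be scripted for checking many hosts. This is an added example, not code from Artifex or the advisory; the function names `version_ge`, `gs_is_patched` and `gs_report` are hypothetical, and it assumes `gs --version` prints a dotted numeric version such as `10.03.1`.

```shell
#!/bin/sh
# Added example: compare a Ghostscript version string with the fixed
# release named on this page. Function names are hypothetical.
FIXED_VERSION="10.03.1"

# version_ge A B: exit 0 if A >= B, 1 if A < B, 2 if either is not numeric.
# The body runs in a subshell so IFS and "set --" do not leak to the caller.
version_ge() (
    for v in "$1" "$2"; do
        # Accept digits and single dots only; reject "", "10.03.1rc1", "10..3".
        case $v in ''|*[!0-9.]*|.*|*.|*..*) exit 2 ;; esac
    done
    IFS=.
    set -f
    a=$1 b=$2
    set -- $a; a1=${1:-0} a2=${2:-0} a3=${3:-0}   # "9.26" -> 9 26 0
    set -- $b; b1=${1:-0} b2=${2:-0} b3=${3:-0}
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3"; do
        x=${pair%%:*} y=${pair##*:}
        # [ -gt ] compares as decimal; $(( )) would reject "08" as bad octal.
        if [ "$x" -gt "$y" ]; then exit 0; fi
        if [ "$x" -lt "$y" ]; then exit 1; fi
    done
    exit 0
)

# gs_is_patched VERSION: 0 = at or above the fix, 1 = below, 2 = unparseable.
gs_is_patched() { version_ge "$1" "$FIXED_VERSION"; }

# gs_report [BINARY]: run BINARY --version (default: gs) and print a verdict.
gs_report() {
    bin=${1:-gs}
    ver=$("$bin" --version 2>/dev/null) || { echo "$bin: cannot run"; return 2; }
    rc=0
    gs_is_patched "$ver" || rc=$?
    case $rc in
        0) echo "$bin $ver: at or above $FIXED_VERSION" ;;
        1) echo "$bin $ver: below $FIXED_VERSION (CVE-2024-33870 applies)" ;;
        *) echo "$bin $ver: unrecognised version format" ;;
    esac
    return "$rc"
}
```

Call `gs_report`, optionally with the path to a specific binary, since applications often bundle their own copy of Ghostscript. Distribution packages may carry backported fixes under an older upstream version number, so treat a "below" result as a prompt to check the package changelog.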

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in Ghostscript logs
  • Errors related to path resolution in PostScript processing

Network Indicators:

  • Unexpected file read attempts from Ghostscript processes

SIEM Query:

Process execution logs where gs processes access files outside expected directories
