Detections
Analytics

TencentOS Server 4: ghostscript (TSSA-2024:0891)

high Nessus Plugin ID 239368

Synopsis

The remote TencentOS Server 4 host is missing one or more security updates.

Description

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0891 advisory.

 Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

 CVE-2024-29509:
 Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.

 CVE-2024-29506:
 Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.

 CVE-2024-29508:
 Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.

 CVE-2024-29507:
 Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.

 CVE-2024-29511:
 Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://mirrors.tencent.com/tlinux/errata/tssa-20240891.xml

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29509

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29506

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29508

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29507

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29511

Plugin Details

Severity: High

ID: 239368

File Name: tencentos_TSSA_2024_0891.nasl

Version: 1.1

Type: local

Published: 6/16/2025

Updated: 6/16/2025

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:tencent:tencentos_server:ghostscript, cpe:/o:tencent:tencentos_server:4

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/etc/os-release, Host/TencentOS/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/19/2024

Vulnerability Publication Date: 11/19/2024