Vulnerability Description
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artifex | Ghostscript | < 10.04.0 |
| Debian | Debian Linux | 12.0 |
| Suse | Linux Enterprise High Performance Computing | 12.0 |
| Suse | Linux Enterprise Server | 12 |
| Suse | Linux Enterprise Server For Sap | 12 |
Related Weaknesses (CWE)
References
- https://bugs.ghostscript.com/show_bug.cgi?id=707793Permissions Required
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0Patch
- https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.htmlProduct
- https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html
FAQ
What is CVE-2024-46953?
CVE-2024-46953 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and ...
How severe is CVE-2024-46953?
CVE-2024-46953 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-46953?
Check the references section above for vendor advisories and patch information. Affected products include: Artifex Ghostscript, Debian Debian Linux, Suse Linux Enterprise High Performance Computing, Suse Linux Enterprise Server, Suse Linux Enterprise Server For Sap.