CVE-2024-46953
Published: 2024-11-10
Severity: high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | < 10.04.0 | 10.04.0 |
| artifex | ghostscript | >= 0 < 9.53.3~dfsg-7+deb11u9 | 9.53.3~dfsg-7+deb11u9 |
| artifex | ghostscript | >= 0 < 10.0.0~dfsg-11+deb12u6 | 10.0.0~dfsg-11+deb12u6 |
| artifex | ghostscript | >= 0 < 10.04.0~dfsg-1 | 10.04.0~dfsg-1 |
| artifex | ghostscript | >= 0 < 10.04.0~dfsg-1 | 10.04.0~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.50~dfsg-5ubuntu4.14 | 9.50~dfsg-5ubuntu4.14 |
| artifex | ghostscript | >= 0 < 9.55.0~dfsg1-0ubuntu5.10 | 9.55.0~dfsg1-0ubuntu5.10 |
| artifex | ghostscript | >= 0 < 10.02.1~dfsg1-0ubuntu7.4 | 10.02.1~dfsg1-0ubuntu7.4 |
| debian | debian_linux | — | — |
| debian | ghostscript | < ghostscript 10.0.0~dfsg-11+deb12u6 (bookworm) | ghostscript 10.0.0~dfsg-11+deb12u6 (bookworm) |
| suse | linux_enterprise_high_performance_computing | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_server_for_sap | — | — |
CVSS provenance
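| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | — | 7.8 | HIGH | — |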