An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
Metrics
Affected Vendors & Products
References
History
Thu, 14 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Debian
Debian debian Linux Suse Suse linux Enterprise High Performance Computing Suse linux Enterprise Server Suse linux Enterprise Server For Sap |
|
CPEs | cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:* cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:* cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss:*:*:* cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss_extended_security:*:*:* cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp5:*:*:*:*:*:* |
|
Vendors & Products |
Debian
Debian debian Linux Suse Suse linux Enterprise High Performance Computing Suse linux Enterprise Server Suse linux Enterprise Server For Sap |
Tue, 12 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Artifex
Artifex ghostscript |
|
CPEs | cpe:2.3:a:artifex:ghostscript:10.04.0:*:*:*:*:*:*:* | |
Vendors & Products |
Artifex
Artifex ghostscript |
|
Metrics |
ssvc
|
Tue, 12 Nov 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript | |
Weaknesses | CWE-190 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Sun, 10 Nov 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. | |
References |
|
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-10T00:00:00
Updated: 2024-11-12T20:19:56.551Z
Reserved: 2024-09-16T00:00:00
Link: CVE-2024-46953
Vulnrichment
Updated: 2024-11-12T20:19:46.348Z
NVD
Status : Analyzed
Published: 2024-11-10T22:15:12.750
Modified: 2024-11-14T02:01:09.580
Link: CVE-2024-46953
Redhat