An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
History

Thu, 14 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Debian
Debian debian Linux
Suse
Suse linux Enterprise High Performance Computing
Suse linux Enterprise Server
Suse linux Enterprise Server For Sap
CPEs cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss_extended_security:*:*:*
cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp5:*:*:*:*:*:*
Vendors & Products Debian
Debian debian Linux
Suse
Suse linux Enterprise High Performance Computing
Suse linux Enterprise Server
Suse linux Enterprise Server For Sap

Tue, 12 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Artifex
Artifex ghostscript
CPEs cpe:2.3:a:artifex:ghostscript:10.04.0:*:*:*:*:*:*:*
Vendors & Products Artifex
Artifex ghostscript
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 13:45:00 +0000

Type Values Removed Values Added
Title ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
Weaknesses CWE-190
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Sun, 10 Nov 2024 21:30:00 +0000

Type Values Removed Values Added
Description An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-11-10T00:00:00

Updated: 2024-11-12T20:19:56.551Z

Reserved: 2024-09-16T00:00:00

Link: CVE-2024-46953

cve-icon Vulnrichment

Updated: 2024-11-12T20:19:46.348Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-10T22:15:12.750

Modified: 2024-11-14T02:01:09.580

Link: CVE-2024-46953

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-11-10T00:00:00Z

Links: CVE-2024-46953 - Bugzilla