CVE-2024-46953

EUVD-2024-42156
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
artifexghostscript
𝑥
< 10.04.0
debiandebian_linux
12.0
suselinux_enterprise_high_performance_computing
12.0:sp5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ghostscript
bookworm
10.0.0~dfsg-11+deb12u7
fixed
bookworm (security)
10.0.0~dfsg-11+deb12u8
fixed
bullseye
vulnerable
bullseye (security)
9.53.3~dfsg-7+deb11u11
fixed
forky
10.06.0~dfsg-3
fixed
sid
10.06.0~dfsg-3
fixed
trixie
10.05.1~dfsg-1+deb13u1
fixed
trixie (security)
10.05.1~dfsg-1+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ghostscript
bionic
Fixed 9.26~dfsg+0-0ubuntu0.18.04.18+esm3
released
focal
Fixed 9.50~dfsg-5ubuntu4.14
released
jammy
Fixed 9.55.0~dfsg1-0ubuntu5.10
released
noble
Fixed 10.02.1~dfsg1-0ubuntu7.4
released
oracular
Fixed 10.03.1~dfsg1-0ubuntu2.1
released
xenial
Fixed 9.26~dfsg+0-0ubuntu0.16.04.14+esm8
released
Common Weakness Enumeration
References
https://bugs.ghostscript.com/show_bug.cgi?id=707793
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00
https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html
https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/
https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html