CVE-2024-46953

EUVD-2024-42156
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.8 HIGH | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

EPSS Score percentile: 28%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| artifex | ghostscript | 𝑥 < 10.04.0 |
| debian | debian_linux | 12.0 |
| suse | linux_enterprise_high_performance_computing | 12.0:sp5 |

𝑥 = Vulnerable software versions
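Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| ghostscript | bookworm | 10.0.0~dfsg-11+deb12u7 | fixed |
| ghostscript | bookworm (security) | 10.0.0~dfsg-11+deb12u8 | fixed |
| ghostscript | bullseye | | vulnerable |
| ghostscript | bullseye (security) | 9.53.3~dfsg-7+deb11u11 | fixed |
| ghostscript | forky | 10.06.0~dfsg-3 | fixed |
| ghostscript | sid | 10.06.0~dfsg-3 | fixed |
| ghostscript | trixie | 10.05.1~dfsg-1+deb13u1 | fixed |
| ghostscript | trixie (security) | 10.05.1~dfsg-1+deb13u1 | fixed |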
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| ghostscript | bionic | Fixed 9.26~dfsg+0-0ubuntu0.18.04.18+esm3 | released |
| ghostscript | focal | Fixed 9.50~dfsg-5ubuntu4.14 | released |
| ghostscript | jammy | Fixed 9.55.0~dfsg1-0ubuntu5.10 | released |
| ghostscript | noble | Fixed 10.02.1~dfsg1-0ubuntu7.4 | released |
| ghostscript | oracular | Fixed 10.03.1~dfsg1-0ubuntu2.1 | released |
| ghostscript | xenial | Fixed 9.26~dfsg+0-0ubuntu0.16.04.14+esm8 | released |
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| ghostscript | suse enterprise desktop 15 SP5 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise desktop 15 SP6 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise desktop 15 SP7 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise sap 15 SP2 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise sap 15 SP3 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise sap 15 SP4 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise sap 15 SP5 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise sap 15 SP6 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise sap 15 SP7 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise server 12 SP3 | 9.52-23.86.1 | fixed |
| ghostscript | suse enterprise server 12 SP5 | 9.52-23.86.1 | fixed |
| ghostscript | suse enterprise server 15 SP2 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise server 15 SP3 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise server 15 SP4 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise server 15 SP5 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise server 15 SP6 | 9.52-150000.200.1 | fixed |
| ghostscript | suse enterprise server 15 SP7 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise desktop 15 SP5 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise desktop 15 SP6 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise desktop 15 SP7 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP2 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP3 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP4 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP5 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP6 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise sap 15 SP7 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise server 12 SP3 | 9.52-23.86.1 | fixed |
| ghostscript-devel | suse enterprise server 12 SP5 | 9.52-23.86.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP2 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP3 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP4 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP5 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP6 | 9.52-150000.200.1 | fixed |
| ghostscript-devel | suse enterprise server 15 SP7 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise desktop 15 SP5 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise desktop 15 SP6 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise desktop 15 SP7 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP2 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP3 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP4 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP5 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP6 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise sap 15 SP7 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise server 12 SP3 | 9.52-23.86.1 | fixed |
| ghostscript-x11 | suse enterprise server 12 SP5 | 9.52-23.86.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP2 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP3 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP4 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP5 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP6 | 9.52-150000.200.1 | fixed |
| ghostscript-x11 | suse enterprise server 15 SP7 | 9.52-150000.200.1 | fixed |
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| ghostscript | RHEL 8 | 0:9.27-16.el8_10 | fixed |
| ghostscript | RHEL 9 | 0:9.54.0-18.el9_6 | fixed |
| ghostscript-doc | RHEL 8 | 0:9.27-16.el8_10 | fixed |
| ghostscript-doc | RHEL 9 | 0:9.54.0-18.el9_6 | fixed |
| ghostscript-tools-dvipdf | RHEL 8 | 0:9.27-16.el8_10 | fixed |
| ghostscript-tools-dvipdf | RHEL 9 | 0:9.54.0-18.el9_6 | fixed |
| ghostscript-tools-fonts | RHEL 8 | 0:9.27-16.el8_10 | fixed |
| ghostscript-tools-fonts | RHEL 9 | 0:9.54.0-18.el9_6 | fixed |
| ghostscript-tools-printing | RHEL 8 | 0:9.27-16.el8_10 | fixed |
| ghostscript-tools-printing | RHEL 9 | 0:9.54.0-18.el9_6 | fixed |
| ghostscript-x11 | RHEL 8 | 0:9.27-16.el8_10 | fixed |
| ghostscript-x11 | RHEL 9 | 0:9.54.0-18.el9_6 | fixed |
| libgs | RHEL 8 | 0:9.27-16.el8_10 | fixed |
| libgs | RHEL 9 | 0:9.54.0-18.el9_6 | fixed |
| libgs-devel | RHEL 8 | 0:9.27-16.el8_10 | fixed |
| libgs-devel | RHEL 9 | 0:9.54.0-18.el9_6 | fixed |