CVE-2024-46953

Severity CVSS v4.0:
Pending analysis
Type:
CWE-190 Integer Overflow or Wraparound
Publication date:
10/11/2024
Last modified:
14/11/2024

Description

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* 10.04.0 (excluding)
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss_extended_security:*:*:*
cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp5:*:*:*:*:*:*