CVE-2024-46953

HIGH

Ghostscript < 10.04.0 - Integer Overflow in Output Filename Parsing

Title source: llm

Description

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

Scores

CVSS v3: 7.8
EPSS: 0.0011
EPSS Percentile: 28.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-190
Status: published
Products (5)
artifex/ghostscript < 10.04.0
debian/debian_linux 12.0
suse/linux_enterprise_high_performance_computing 12.0 sp5
suse/linux_enterprise_server 12 sp5 (3 CPE variants)
suse/linux_enterprise_server_for_sap 12 sp5
Published: Nov 10, 2024
Tracked Since: Feb 18, 2026