Vulnerability Monitor

CVE-2024-46953


An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.


Published: 2024-11-10T22:15:12.750

Last Modified: 2024-11-14T02:01:09.580

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 7.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-190
  • Type: Secondary
    CWE-190

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
| Application | artifex | ghostscript | < 10.04.0 | Yes |
| Operating System | debian | debian_linux | 12.0 | Yes |
| Operating System | suse | linux_enterprise_high_performance_computing | 12.0 | Yes |
| Operating System | suse | linux_enterprise_server | 12 | Yes |
| Operating System | suse | linux_enterprise_server | 12 | Yes |
| Operating System | suse | linux_enterprise_server | 12 | Yes |
| Operating System | suse | linux_enterprise_server_for_sap | 12 | Yes |

References