CVE-2024-46954

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Artifex Ghostscript versions prior to 10.04.0

Description An issue was discovered in the decode utf8 function in base/gp utf8.c of Artifex Ghostscript. This issue is related to overlong UTF-8 encoding, which can lead to possible ../ directory traversal.

Recommendations For Artifex Ghostscript versions prior to 10.04.0, update to version 10.04.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the decode utf8 function in base/gp utf8.c to minimize the risk of exploitation.

Fix

DoS

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALSA-2025:4362

ALSA-2025:7422

BDU:2026-07721

CESA-2025_4362

CVE-2024-46954

INFSA-2025_4362

INFSA-2025_7422

MGASA-2024-0326

OPENSUSE-SU-2024:14423-1

RHSA-2025:4362

RHSA-2025:7422

RHSA-2025:7499

RHSA-2025_4362

RHSA-2025_7422

USN-7103-1

Affected Products

Almalinux

Artifex Ghostscript

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Ubuntu

CVE-2024-46954

Weakness Enumeration

Related Identifiers

Affected Products

References · 71