CVE-2024-46951

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Artifex Ghostscript versions prior to 10.04.0

Description An issue was discovered in psi/zcolor.c, related to an unchecked Implementation pointer in Pattern color space, which could lead to arbitrary code execution. The vulnerability is associated with access to an uninitialized pointer, allowing an attacker to execute arbitrary code.

Recommendations For Artifex Ghostscript versions prior to 10.04.0, update to version 10.04.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the psi/zcolor.c component until a patch is available.

Fix

DoS

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-824

Related Identifiers

ALSA-2025:4362

ALSA-2025:7422

BDU:2024-09419

CESA-2025_4362

CVE-2024-46951

DLA-3965-1

DSA-5808-1

INFSA-2025_4362

INFSA-2025_7422

MGASA-2024-0326

OESA-2024-2355

OESA-2024-2356

OESA-2024-2357

OESA-2024-2358

OESA-2024-2359

OPENSUSE-SU-2024:14423-1

OPENSUSE-SU-2024_3941-1

RHSA-2025:4362

RHSA-2025:7422

RHSA-2025:7499

RHSA-2025_4362

RHSA-2025_7422

SUSE-SU-2024:3941-1

SUSE-SU-2024:3942-1

SUSE-SU-2024_3941-1

SUSE-SU-2024_3942-1

USN-7103-1

USN-7138-1

Affected Products

Almalinux

Artifex Ghostscript

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2024-46951

Weakness Enumeration

Related Identifiers

Affected Products

References · 100