CVE-2024-46956

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.04.0

Description: An issue in the psi/zfile.c component of Artifex Ghostscript is related to out-of-bounds data access in the filenameforall function, which can lead to arbitrary code execution. This issue allows an attacker to potentially execute arbitrary code.

Recommendations: For Artifex Ghostscript versions prior to 10.04.0, update to version 10.04.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the filenameforall function in the psi/zfile.c component until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2025:4362

ALSA-2025:7422

BDU:2024-09737

CESA-2025_4362

CVE-2024-46956

DLA-3965-1

DSA-5808-1

INFSA-2025_4362

INFSA-2025_7422

MGASA-2024-0326

OESA-2024-2310

OPENSUSE-SU-2024:14423-1

OPENSUSE-SU-2024_3941-1

RHSA-2025:4362

RHSA-2025:7422

RHSA-2025:7499

RHSA-2025_4362

RHSA-2025_7422

ROSA-SA-2025-2571

SUSE-SU-2024:3941-1

SUSE-SU-2024:3942-1

USN-7103-1

USN-7138-1

Affected Products

Almalinux

Artifex Ghostscript

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2024-46956

Weakness Enumeration

Related Identifiers

Affected Products

References · 92