PT-2024-8201 · Artifex · Artifex Ghostscript

Published: 2024-09-16 · Updated: 2026-05-13 · CVE-2024-46953

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.04.0
Description: An integer overflow in the base/gsdevice.c component of Artifex Ghostscript occurs when parsing the filename format string for the output filename. It can result in path truncation, possible path traversal, and code execution, potentially allowing an attacker to execute arbitrary code.
Recommendations: For Artifex Ghostscript versions prior to 10.04.0, upgrade to version 10.04.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable base/gsdevice.c component until a patch is available. Avoid using the filename format string for the output filename in the affected API endpoint until the issue is resolved.

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:4362
ALSA-2025:7422
BDU:2024-09743
CESA-2025_4362
CVE-2024-46953
DLA-3965-1
DSA-5808-1
INFSA-2025_4362
INFSA-2025_7422
MGASA-2024-0326
OESA-2024-2310
OPENSUSE-SU-2024:14423-1
OPENSUSE-SU-2024_3941-1
RHSA-2025:4362
RHSA-2025:7422
RHSA-2025:7499
RHSA-2025_4362
RHSA-2025_7422
SUSE-SU-2024:3941-1
SUSE-SU-2024:3942-1
USN-7103-1
USN-7138-1

Affected Products

AlmaLinux
Artifex Ghostscript
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu