CVE-2024-46953

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 10, 2024

Updated: Nov 14, 2024

CWE ID 190

Summary

CVE-2024-46953 is a vulnerability affecting Artifex Ghostscript versions prior to 10.04.0. This issue involves an integer overflow in the base/gsdevice.c file, specifically when parsing the filename format string for the output filename. Consequences of this vulnerability include path truncation, enabling potential path traversal, and ultimately, code execution. Attackers could exploit this flaw to gain unauthorized access, install malware, or execute arbitrary commands on the targeted system. Users are urged to update to the latest version of Ghostscript to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

SUSE Linux Enterprise Server
GhostScript
Debian

Affected Vendors

Debian
SUSE Linux GmbH
Artifex

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners