CVE-2024-46953

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugs.ghostscript.com/show_bug.cgi?id=707793	Permissions Required
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00	Patch
https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html	Product
https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:::-:::*
	cpe:2.3:o:suse:linux_enterprise_server:12:sp5:::-:::*
	cpe:2.3:o:suse:linux_enterprise_server:12:sp5:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:12:sp5:::ltss_extended_security:::*
	cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp5::::::

History

No history.

Information

Published : 2024-11-10 22:15

Updated : 2024-11-14 02:01

NVD link : CVE-2024-46953

Mitre link : CVE-2024-46953

CVE.ORG link : CVE-2024-46953

JSON object : View

Products Affected

debian

debian_linux

suse

linux_enterprise_server
linux_enterprise_high_performance_computing
linux_enterprise_server_for_sap

artifex

ghostscript

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2024-46953", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-11-10T22:15:12.750", "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707793", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en base/gsdevice.c en Artifex Ghostscript anterior a la versi\u00f3n 10.04.0. Un desbordamiento de enteros al analizar la cadena de formato de nombre de archivo (para el nombre de archivo de salida) da como resultado el truncamiento de la ruta y la posible traves\u00eda de la ruta y la ejecuci\u00f3n del c\u00f3digo."}], "lastModified": "2024-11-14T02:01:09.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4202C3F1-622D-4443-B2F0-1C26F73BD662", "versionEndExcluding": "10.04.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "F8C8AD43-557D-4285-BA46-9C5785F53229"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "9F714147-87CC-4DAF-81E4-C6DFA7C4F2AE"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss:*:*:*", "vulnerable": true, "matchCriteriaId": "930B3D1B-202E-4FE9-8737-329874F1D821"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss_extended_security:*:*:*", "vulnerable": true, "matchCriteriaId": "AE1A79C4-DC01-4CC6-A745-C20E70C3FF03"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21ED3679-51E2-4D12-84AD-ACCE27B55F13"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}