Arbitrary Code Execution Vulnerability in Artifex Ghostscript Before 10.04.0
CVE-2024-46951

7.8HIGH

Key Information:

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 10 November 2024

Summary

A significant security issue has been identified within Artifex Ghostscript, specifically located in the psi/zcolor.c file. Prior to version 10.04.0, an unchecked Implementation pointer in the Pattern color space could lead to arbitrary code execution, allowing attackers to potentially execute code in the context of the application. This vulnerability poses a serious risk as it may enable unauthorized control over affected systems, necessitating immediate attention from all users of the software.

References

https://bugs.ghostscript.com/show_bug.cgi?id=707991

https://github.com/ArtifexSoftware/ghostpdl/blob/master/d...

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.gi...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 10, 2024
Vulnerability Reserved
Sep 16, 2024