Integer Overflow in Ghostscript Could Lead to Path Truncation and Code Execution

CVE-2024-46953

7.8HIGH

Key Information

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 10 November 2024

Summary

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 10, 2024
Vulnerability Reserved.
Sep 16, 2024

Collectors

NVD DatabaseMitre Database