Possible Unicode Encoding Error Leads to Directory Traversal

CVE-2024-46954

7.8HIGH

Key Information

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 10 November 2024

Summary

An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 10, 2024
Vulnerability Reserved.
Sep 16, 2024

Collectors

NVD DatabaseMitre Database