7.8

CVE-2024-46951

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexGhostscript Version < 10.04.0
DebianDebian Linux Version12.0
SuseLinux Enterprise High Performance Computing Version12.0 Updatesp5 SwEdition-
SuseLinux Enterprise Server Version12 Updatesp5 SwEdition-
SuseLinux Enterprise Server Version12 Updatesp5 SwEditionltss
SuseLinux Enterprise Server Version12 Updatesp5 SwEditionltss_extended_security
SuseLinux Enterprise Server For Sap Version12 Updatesp5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.273
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://bugs.ghostscript.com/show_bug.cgi?id=707991
Permissions Required
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
Patch
https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html
Product
https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html