7.8
CVE-2024-46953
- EPSS 0.08%
- Published 10.11.2024 22:15:12
- Last modified 14.11.2024 02:01:09
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
Data is provided by the National Vulnerability Database (NVD)
Artifex ≫ Ghostscript Version < 10.04.0
Debian ≫ Debian Linux Version12.0
Suse ≫ Linux Enterprise High Performance Computing Version12.0 Updatesp5 SwEdition-
Suse ≫ Linux Enterprise Server Version12 Updatesp5 SwEdition-
Suse ≫ Linux Enterprise Server Version12 Updatesp5 SwEditionltss
Suse ≫ Linux Enterprise Server Version12 Updatesp5 SwEditionltss_extended_security
Suse ≫ Linux Enterprise Server For Sap Version12 Updatesp5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.237 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.