5.5

CVE-2024-46955

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexGhostscript Version < 10.04.0
DebianDebian Linux Version12.0
SuseLinux Enterprise High Performance Computing Version12.0 Updatesp5 SwEdition-
SuseLinux Enterprise Server Version12 Updatesp5 SwEdition-
SuseLinux Enterprise Server Version12 Updatesp5 SwEditionltss
SuseLinux Enterprise Server Version12 Updatesp5 SwEditionltss_extended_security
SuseLinux Enterprise Server For Sap Version12 Updatesp5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.21
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html
Product
https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/
Third Party Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=707990
Permissions Required
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6
Patch
https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html