7.8
CVE-2024-46956
- EPSS 0.39%
- Veröffentlicht 10.11.2024 22:15:12
- Zuletzt bearbeitet 03.11.2025 23:16:12
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Artifex ≫ Ghostscript Version < 10.04.0
Debian ≫ Debian Linux Version12.0
Suse ≫ Linux Enterprise High Performance Computing Version12.0 Updatesp5 SwEdition-
Suse ≫ Linux Enterprise Server Version12 Updatesp5 SwEdition-
Suse ≫ Linux Enterprise Server Version12 Updatesp5 SwEditionltss
Suse ≫ Linux Enterprise Server Version12 Updatesp5 SwEditionltss_extended_security
Suse ≫ Linux Enterprise Server For Sap Version12 Updatesp5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.305 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html
https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/
https://bugs.ghostscript.com/show_bug.cgi?id=707895
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca
https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html