7.8

CVE-2024-46956

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexGhostscript Version < 10.04.0
DebianDebian Linux Version12.0
SuseLinux Enterprise High Performance Computing Version12.0 Updatesp5 SwEdition-
SuseLinux Enterprise Server Version12 Updatesp5 SwEdition-
SuseLinux Enterprise Server Version12 Updatesp5 SwEditionltss
SuseLinux Enterprise Server Version12 Updatesp5 SwEditionltss_extended_security
SuseLinux Enterprise Server For Sap Version12 Updatesp5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.305
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html
Product
https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/
Third Party Advisory
https://bugs.ghostscript.com/show_bug.cgi?id=707895
Permissions Required
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca
Patch
https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html