CVE-2024-46953

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-46953
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46953.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-46953
Published
2024-11-10T22:15:12Z
Modified
2024-11-14T03:53:38.573520Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

Affected packages

Alpine:v3.18 / ghostscript

Package

Name
ghostscript
Purl
pkg:apk/alpine/ghostscript?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.04.0-r0

Affected versions

8.*

8.64-r0
8.70-r0
8.71-r0
8.71-r1
8.71-r2
8.71-r3
8.71-r4

9.*

9.00-r0
9.00-r1
9.00-r2
9.04-r0
9.05-r0
9.05-r1
9.06-r0
9.06-r1
9.06-r2
9.06-r3
9.07-r0
9.09-r0
9.09-r1
9.10-r0
9.10-r1
9.15-r0
9.15-r1
9.16-r0
9.16-r1
9.16-r2
9.18-r0
9.19-r0
9.19-r1
9.20-r0
9.20-r1
9.21-r0
9.21-r1
9.21-r2
9.21-r3
9.22-r0
9.24-r0
9.25-r0
9.25-r1
9.26-r0
9.26-r1
9.26-r2
9.27-r0
9.27-r1
9.27-r2
9.27-r3
9.27-r4
9.50-r0
9.51-r0
9.52-r0
9.53.1-r0
9.53.2-r0
9.53.3-r0
9.54.0-r0
9.54.0-r1
9.55.0-r0
9.56.1-r0

10.*

10.0.0-r0
10.0.0-r1
10.0.0-r2
10.01.0-r0
10.01.0-r1
10.01.1-r0
10.01.1-r1
10.01.2-r0
10.02.0-r0

Alpine:v3.19 / ghostscript

Package

Name
ghostscript
Purl
pkg:apk/alpine/ghostscript?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.04.0-r0

Affected versions

8.*

8.64-r0
8.70-r0
8.71-r0
8.71-r1
8.71-r2
8.71-r3
8.71-r4

9.*

9.00-r0
9.00-r1
9.00-r2
9.04-r0
9.05-r0
9.05-r1
9.06-r0
9.06-r1
9.06-r2
9.06-r3
9.07-r0
9.09-r0
9.09-r1
9.10-r0
9.10-r1
9.15-r0
9.15-r1
9.16-r0
9.16-r1
9.16-r2
9.18-r0
9.19-r0
9.19-r1
9.20-r0
9.20-r1
9.21-r0
9.21-r1
9.21-r2
9.21-r3
9.22-r0
9.24-r0
9.25-r0
9.25-r1
9.26-r0
9.26-r1
9.26-r2
9.27-r0
9.27-r1
9.27-r2
9.27-r3
9.27-r4
9.50-r0
9.51-r0
9.52-r0
9.53.1-r0
9.53.2-r0
9.53.3-r0
9.54.0-r0
9.54.0-r1
9.55.0-r0
9.56.1-r0

10.*

10.0.0-r0
10.0.0-r1
10.0.0-r2
10.01.0-r0
10.01.0-r1
10.01.1-r0
10.01.1-r1
10.01.1-r2
10.01.2-r0
10.02.0-r0
10.02.0-r1
10.02.1-r0
10.03.1-r0

Alpine:v3.20 / ghostscript

Package

Name
ghostscript
Purl
pkg:apk/alpine/ghostscript?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.04.0-r0

Affected versions

8.*

8.64-r0
8.70-r0
8.71-r0
8.71-r1
8.71-r2
8.71-r3
8.71-r4

9.*

9.00-r0
9.00-r1
9.00-r2
9.04-r0
9.05-r0
9.05-r1
9.06-r0
9.06-r1
9.06-r2
9.06-r3
9.07-r0
9.09-r0
9.09-r1
9.10-r0
9.10-r1
9.15-r0
9.15-r1
9.16-r0
9.16-r1
9.16-r2
9.18-r0
9.19-r0
9.19-r1
9.20-r0
9.20-r1
9.21-r0
9.21-r1
9.21-r2
9.21-r3
9.22-r0
9.24-r0
9.25-r0
9.25-r1
9.26-r0
9.26-r1
9.26-r2
9.27-r0
9.27-r1
9.27-r2
9.27-r3
9.27-r4
9.50-r0
9.51-r0
9.52-r0
9.53.1-r0
9.53.2-r0
9.53.3-r0
9.54.0-r0
9.54.0-r1
9.55.0-r0
9.56.1-r0

10.*

10.0.0-r0
10.0.0-r1
10.0.0-r2
10.01.0-r0
10.01.0-r1
10.01.1-r0
10.01.1-r1
10.01.1-r2
10.01.2-r0
10.02.0-r0
10.02.0-r1
10.02.1-r0
10.03.1-r0

Debian:11 / ghostscript

Package

Name
ghostscript
Purl
pkg:deb/debian/ghostscript?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

9.*

9.53.3~dfsg-7
9.53.3~dfsg-7+deb11u1
9.53.3~dfsg-7+deb11u2
9.53.3~dfsg-7+deb11u3
9.53.3~dfsg-7+deb11u4
9.53.3~dfsg-7+deb11u5
9.53.3~dfsg-7+deb11u6
9.53.3~dfsg-7+deb11u7
9.53.3~dfsg-7+deb11u8
9.53.3~dfsg-8
9.54.0~dfsg-1
9.54.0~dfsg-2
9.54.0~dfsg-3
9.54.0~dfsg-4
9.54.0~dfsg-5
9.55.0~~rc1~dfsg-1
9.55.0~dfsg-1
9.55.0~dfsg-2
9.55.0~dfsg-3
9.56.0~~rc1~dfsg-1
9.56.0~~rc2~dfsg-1
9.56.0~dfsg-1
9.56.1~dfsg-1

10.*

10.0.0~dfsg-1
10.0.0~dfsg-2
10.0.0~dfsg-3
10.0.0~dfsg-4
10.0.0~dfsg-5
10.0.0~dfsg-6
10.0.0~dfsg-7
10.0.0~dfsg-8
10.0.0~dfsg-9
10.0.0~dfsg-10
10.0.0~dfsg-11
10.01.2~dfsg-1
10.02.0~dfsg-1
10.02.0~dfsg-2
10.02.1~dfsg-1
10.02.1~dfsg-2
10.02.1~dfsg-3
10.03.0~dfsg-1
10.03.1~dfsg~git20240518-1
10.03.1~dfsg-1
10.03.1~dfsg-2
10.04.0~dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ghostscript

Package

Name
ghostscript
Purl
pkg:deb/debian/ghostscript?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.0.0~dfsg-11+deb12u6

Affected versions

10.*

10.0.0~dfsg-11
10.0.0~dfsg-11+deb12u1
10.0.0~dfsg-11+deb12u2
10.0.0~dfsg-11+deb12u3
10.0.0~dfsg-11+deb12u4
10.0.0~dfsg-11+deb12u5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ghostscript

Package

Name
ghostscript
Purl
pkg:deb/debian/ghostscript?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.04.0~dfsg-1

Affected versions

10.*

10.0.0~dfsg-11
10.01.2~dfsg-1
10.02.0~dfsg-1
10.02.0~dfsg-2
10.02.1~dfsg-1
10.02.1~dfsg-2
10.02.1~dfsg-3
10.03.0~dfsg-1
10.03.1~dfsg~git20240518-1
10.03.1~dfsg-1
10.03.1~dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/artifexsoftware/ghostpdl

Affected ranges

Type
GIT
Repo
https://github.com/artifexsoftware/ghostpdl
Events
Introduced
0 (Unknown introduced commit / All previous commits are affected)
Fixed

Affected versions

Other

chrisl-test
ghostpdl
ghostpdl-ebuild
ken_20220210_baseline
robin_test_ref

ghostpdl-1.*

ghostpdl-1.53
ghostpdl-1.54

ghostpdl-10.*

ghostpdl-10.01.1-gse-10174
ghostpdl-10.02.0-test-base-001
ghostpdl-10.04.0rc1
ghostpdl-10.04.0rc1_test001
ghostpdl-10.04.0rc2_test001

ghostpdl-8.*

ghostpdl-8.70
ghostpdl-8.71

ghostpdl-9.*

ghostpdl-9.00
ghostpdl-9.01
ghostpdl-9.02
ghostpdl-9.52-test-base-1
ghostpdl-9.52-test-base-3
ghostpdl-9.52-test-base-4
ghostpdl-9.54.0-test-base-0
ghostpdl-9.55-test-base-0
ghostpdl-9.56.0-test-base-0
ghostpdl-9.56.0-test-base-2
ghostpdl-9.56.0-test-base-3
ghostpdl-9.56.0-test-base-4
ghostpdl-9.56.0-test-base-5

ghostscript-6.*

ghostscript-6.0
ghostscript-6.01
ghostscript-6.20
ghostscript-6.21
ghostscript-6.22
ghostscript-6.23
ghostscript-6.30
ghostscript-6.31
ghostscript-6.32
ghostscript-6.50
ghostscript-6.60
ghostscript-6.61
ghostscript-6.62
ghostscript-6.63
ghostscript-6.64

ghostscript-7.*

ghostscript-7.00
ghostscript-7.02
ghostscript-7.03
ghostscript-7.04
ghostscript-7.20
ghostscript-7.21
ghostscript-7.22
ghostscript-7.30
ghostscript-7.31
ghostscript-7.32
ghostscript-7.33

ghostscript-8.*

ghostscript-8.00
ghostscript-8.01
ghostscript-8.10
ghostscript-8.11
ghostscript-8.12
ghostscript-8.13
ghostscript-8.14
ghostscript-8.15
ghostscript-8.30
ghostscript-8.31
ghostscript-8.32
ghostscript-8.33
ghostscript-8.50
ghostscript-8.51
ghostscript-8.52
ghostscript-8.53
ghostscript-8.56
ghostscript-8.57
ghostscript-8.60
ghostscript-8.61
ghostscript-8.62
ghostscript-8.63
ghostscript-8.64
ghostscript-8.70
ghostscript-8.71

ghostscript-9.*

ghostscript-9.01
ghostscript-9.02

jbig2dec-0.*

jbig2dec-0.14