Unrated severity · NVD Advisory · Published Nov 10, 2024 · Updated Nov 3, 2025
CVE-2024-46953
Description
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
Affected products
- (no CPE)
- (no CPE), range: < 10.04.0
- osv-coords, 28 versions (no CPE for any entry):
  - pkg:rpm/almalinux/ghostscript, range: < 9.27-16.el8_10
  - pkg:rpm/almalinux/ghostscript-doc, range: < 9.27-16.el8_10
  - pkg:rpm/almalinux/ghostscript-tools-dvipdf, range: < 9.27-16.el8_10
  - pkg:rpm/almalinux/ghostscript-tools-fonts, range: < 9.27-16.el8_10
  - pkg:rpm/almalinux/ghostscript-tools-printing, range: < 9.27-16.el8_10
  - pkg:rpm/almalinux/ghostscript-x11, range: < 9.27-16.el8_10
  - pkg:rpm/almalinux/libgs, range: < 9.27-16.el8_10
  - pkg:rpm/almalinux/libgs-devel, range: < 9.27-16.el8_10
  - pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Leap%2015.5, range: < 9.52-150000.200.1
  - pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Leap%2015.6, range: < 9.52-150000.200.1
  - pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Tumbleweed, range: < 10.04.0-1.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Enterprise%20Storage%207.1, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS, range: < 9.52-23.86.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5, range: < 9.52-23.86.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Manager%20Proxy%204.3, range: < 9.52-150000.200.1
  - pkg:rpm/suse/ghostscript&distro=SUSE%20Manager%20Server%204.3, range: < 9.52-150000.200.1