ALPINE-CVE-2024-46953

ALPINE-CVE-2024-46953 PUBLISHED CVSS 7.800000190734863 HIGH

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.22	ghostscript	10.0.0-r0, 10.0.0-r1, 10.0.0-r2
Alpine:v3.19	ghostscript	9.27-r1, 9.55.0-r0, 9.54.0-r1
Alpine:v3.23	ghostscript	9.56.1-r0, 9.55.0-r0, 9.54.0-r1
Alpine:v3.20	ghostscript	9.18-r0, 0, 10.0.0-r0
Alpine:v3.21	ghostscript	10.0.0-r2, 8.71-r1, 8.71-r0
Alpine:v3.18	ghostscript	9.55.0-r0, 9.54.0-r1, 9.54.0-r0

Timeline

Nov 10, 2024 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2024-46953 advisory

Open in Interactive Console →