VDB

CESS-2024-46953

CESS-2024-46953 PUBLISHED CVSS 7.8 HIGH

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

Risk Scores

CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

  • Nov 10, 2024 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›