CVEFinder.io

CVE-2024-46953

⚠️ high
🔍 Scan for this CVE
Summary

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

CVSS Score
7.8
High
EPSS Score
0.1
Exploit Probability
Published Date
2024-11-10
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 70.1% of all 318,332 vulnerabilities in our database.

#95,275
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Nov 12, 2024
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-11-03
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-190

📦 Affected Products 5

Vendor Product Status Affected Versions
debian debian_linux Affected
v12.0
suse linux_enterprise_server Affected
v12
artifex ghostscript Affected
< 10.04.0
suse linux_enterprise_server_for_sap Affected
v12
suse linux_enterprise_high_performance_computing Affected
v12.0

🔗 References 5

https://bugs.ghostscript.com/show_bug.cgi?id=707793
Permissions Required
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostp...
Patch
https://github.com/ArtifexSoftware/ghostpdl/blob/mas...
Product
https://www.suse.com/support/update/announcement/202...
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/11...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-25702 ⚠️ high 7.3 0.1 A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causi... 2026-03-05
CVE-2026-25506 ⚠️ high 7.7 0.0 MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can ... 2026-02-10
CVE-2025-62599 ⚠️ high 7.5 0.0 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ... 2026-02-03
CVE-2025-62600 ⚠️ high 7.5 0.0 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ... 2026-02-03
CVE-2025-62602 ⚠️ high 7.5 0.0 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ... 2026-02-03
CVE-2025-62603 ⚠️ high 7.5 0.0 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ... 2026-02-03
These CVEs affect the same products