CVEFinder.io

CVE-2024-46953

⚠️ high
🔍 Scan for this CVE
Summary

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

CVSS Score
7.8
High
EPSS Score
0.1
Exploit Probability
Published Date
2024-11-10
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.7% of all 322,079 vulnerabilities in our database.

#97,519
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Nov 12, 2024
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-11-03
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-190

📦 Affected Products 5

Vendor Product Status Affected Versions
debian debian_linux Affected
v12.0
suse linux_enterprise_server Affected
v12
artifex ghostscript Affected
< 10.04.0
suse linux_enterprise_server_for_sap Affected
v12
suse linux_enterprise_high_performance_computing Affected
v12.0

🔗 References 5

https://bugs.ghostscript.com/show_bug.cgi?id=707793
Permissions Required
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostp...
Patch
https://github.com/ArtifexSoftware/ghostpdl/blob/mas...
Product
https://www.suse.com/support/update/announcement/202...
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/11...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-31431 ⚠️ high 7.8 2.4 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla... 2026-04-22
CVE-2026-4775 ⚠️ high 7.8 0.0 A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the ... 2026-03-24
CVE-2026-1940 🔶 medium 5.1 0.0 An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added... 2026-03-23
CVE-2025-63261 ⚠️ high 7.8 0.1 AWStats 8.0 is vulnerable to Command Injection via the open function 2026-03-20
CVE-2026-25702 ⚠️ high 7.3 0.1 A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causi... 2026-03-05
CVE-2026-25506 ⚠️ high 7.7 0.0 MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can ... 2026-02-10
These CVEs affect the same products