CVE-2024-46953

{"id": "CVE-2024-46953", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-11-10T22:15:12.750", "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707793", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en base/gsdevice.c en Artifex Ghostscript anterior a la versi\u00f3n 10.04.0. Un desbordamiento de enteros al analizar la cadena de formato de nombre de archivo (para el nombre de archivo de salida) da como resultado el truncamiento de la ruta y la posible traves\u00eda de la ruta y la ejecuci\u00f3n del c\u00f3digo."}], "lastModified": "2024-11-14T02:01:09.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4202C3F1-622D-4443-B2F0-1C26F73BD662", "versionEndExcluding": "10.04.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "F8C8AD43-557D-4285-BA46-9C5785F53229"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "9F714147-87CC-4DAF-81E4-C6DFA7C4F2AE"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss:*:*:*", "vulnerable": true, "matchCriteriaId": "930B3D1B-202E-4FE9-8737-329874F1D821"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss_extended_security:*:*:*", "vulnerable": true, "matchCriteriaId": "AE1A79C4-DC01-4CC6-A745-C20E70C3FF03"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21ED3679-51E2-4D12-84AD-ACCE27B55F13"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}