An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.
References
Configurations
History
14 Nov 2024, 01:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugs.ghostscript.com/show_bug.cgi?id=707788 - Permissions Required | |
References | () https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=55f587dd039282316f512e1bea64218fd991f934 - Patch | |
References | () https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html - Product | |
First Time |
Artifex
Artifex ghostscript |
|
CPE | cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
12 Nov 2024, 21:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.4 |
CWE | CWE-22 |
12 Nov 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
10 Nov 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-10 22:15
Updated : 2024-11-14 01:58
NVD link : CVE-2024-46954
Mitre link : CVE-2024-46954
CVE.ORG link : CVE-2024-46954
JSON object : View
Products Affected
artifex
- ghostscript
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')