DEBIAN-CVE-2024-46953

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2024-46953
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-46953.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-46953
Upstream
Published
2024-11-10T22:15:12Z
Modified
2025-09-19T07:35:16.925469Z
Summary
[none]
Details

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

References

Affected packages

Debian:11 / ghostscript

Package

Name
ghostscript
Purl
pkg:deb/debian/ghostscript?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.53.3~dfsg-7+deb11u9

Affected versions

9.*

9.53.3~dfsg-7
9.53.3~dfsg-7+deb11u1
9.53.3~dfsg-7+deb11u2
9.53.3~dfsg-7+deb11u3
9.53.3~dfsg-7+deb11u4
9.53.3~dfsg-7+deb11u5
9.53.3~dfsg-7+deb11u6
9.53.3~dfsg-7+deb11u7
9.53.3~dfsg-7+deb11u8

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / ghostscript

Package

Name
ghostscript
Purl
pkg:deb/debian/ghostscript?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.0.0~dfsg-11+deb12u6

Affected versions

10.*

10.0.0~dfsg-11
10.0.0~dfsg-11+deb12u1
10.0.0~dfsg-11+deb12u2
10.0.0~dfsg-11+deb12u3
10.0.0~dfsg-11+deb12u4
10.0.0~dfsg-11+deb12u5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / ghostscript

Package

Name
ghostscript
Purl
pkg:deb/debian/ghostscript?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.04.0~dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / ghostscript

Package

Name
ghostscript
Purl
pkg:deb/debian/ghostscript?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.04.0~dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}