ГлавнаяУязвимости → CVE-2024-46953
7.8высокая

CVE-2024-46953

→ есть в БДУ: BDU:2024-09743 (на русском)
Описание (на английском; русское — в БДУ выше)

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

Затрагиваемое ПО
Artifex GhostscriptDebian Debian linuxSuse Linux enterprise high performance computingSuse Linux enterprise serverSuse Linux enterprise server for sap
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://bugs.ghostscript.com/show_bug.cgi?id=707793https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.htmlhttps://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html