REDHAT-BUG-2325045: Integer Overflow
First published: Sun Nov 10 2024(Updated: )
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ghostscript | <10.04.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2325045?
REDHAT-BUG-2325045 has a critical severity due to the potential for code execution and path traversal.
How do I fix REDHAT-BUG-2325045?
To fix REDHAT-BUG-2325045, upgrade to Ghostscript version 10.04.0 or higher.
What causes REDHAT-BUG-2325045?
REDHAT-BUG-2325045 is caused by an integer overflow when parsing the filename format string in Ghostscript.
What are the risks associated with REDHAT-BUG-2325045?
The risks associated with REDHAT-BUG-2325045 include path truncation, path traversal, and possible remote code execution.
Which versions of Ghostscript are affected by REDHAT-BUG-2325045?
All versions of Ghostscript prior to 10.04.0 are affected by REDHAT-BUG-2325045.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-46953
- agent/last-modified-date
- agent/weakness
- agent/source
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/artifex
- canonical/ghostscript