{
  "threat_severity" : "Moderate",
  "public_date" : "2024-11-10T00:00:00Z",
  "bugzilla" : {
    "description" : "ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript",
    "id" : "2325045",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2325045"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-190",
  "details" : [ "An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.", "A flaw was found in Artifex Ghostscript base/gsdevice.c. This vulnerability allows path truncation, path traversal, and possible code execution via an integer overflow when parsing the filename format string for the output filename." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:7499",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "ghostscript-0:10.02.1-15.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-04-30T00:00:00Z",
    "advisory" : "RHSA-2025:4362",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "ghostscript-0:9.27-16.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:7422",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "ghostscript-0:9.54.0-18.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "ghostscript",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "gimp:flatpak/ghostscript",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-46953\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46953\nhttps://bugs.ghostscript.com/show_bug.cgi?id=707793\nhttps://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00\nhttps://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html\nhttps://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/" ],
  "name" : "CVE-2024-46953",
  "csaw" : false
}