CVE-2024-46951

Name
CVE-2024-46951
Description
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://bugs.ghostscript.com/show_bug.cgi?id=707991
https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a
cpe:2.3:a:artifex:ghostscript:10.04.0:*:*:*:*:*:*:* ghostscript == 10.04.0 == 10.04.0
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* ghostscript >= None < 10.04.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ghostscript edge-main 10.04.0-r0 Cameron Banta <cbanta@gmail.com> fixed
ghostscript 3.21-main 10.04.0-r0 Cameron Banta <cbanta@gmail.com> fixed
ghostscript 3.20-main 10.04.0-r0 Cameron Banta <cbanta@gmail.com> fixed
ghostscript 3.19-main 10.04.0-r0 Cameron Banta <cbanta@gmail.com> fixed
ghostscript 3.18-main 10.04.0-r0 Cameron Banta <cbanta@gmail.com> fixed