CVE-2024-46951
ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
A flaw was found in Artifex Ghostscript's psi/zcolor.c component. This vulnerability allows arbitrary code execution via an unchecked implementation pointer in the Pattern color space.
This update for ghostscript fixes the following issues. Fixed arbitrary code execution via unchecked "Implementation" pointer in "Pattern" color space. Fixed integer overflow when parsing the page format results in path truncation, path traversal, code execution. Fixed arbitrary code execution via out of bounds data access in filenameforall. Fixed out of bounds read when reading color in "Indexed" color space.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-09-16 CVE Reserved
- 2024-11-07 CVE Published
- 2024-11-12 CVE Updated
- 2025-07-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-824: Access of Uninitialized Pointer
CAPEC
References (6)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-46951 | 2025-05-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2325043 | 2025-05-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Artifex Search vendor "Artifex" | Ghostscript Search vendor "Artifex" for product "Ghostscript" | * | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | * | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | * | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise High Performance Computing Search vendor "Suse" for product "Linux Enterprise High Performance Computing" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server For Sap Search vendor "Suse" for product "Linux Enterprise Server For Sap" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-module-basesystem Search vendor "Suse" for product "Sle-module-basesystem" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc Search vendor "Suse" for product "Sle Hpc" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sled Search vendor "Suse" for product "Sled" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles-ltss-extended-security Search vendor "Suse" for product "Sles-ltss-extended-security" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles-ltss Search vendor "Suse" for product "Sles-ltss" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Search vendor "Suse" for product "Sles" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Sap Search vendor "Suse" for product "Sles Sap" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse-manager-proxy Search vendor "Suse" for product "Suse-manager-proxy" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse-manager-server Search vendor "Suse" for product "Suse-manager-server" | * | - |
Affected
| ||||||