INFSA-2025:7499: ghostscript security update
Information about definition
Identifier: INFSA-2025:7499
Type: security
Release date: 2025-07-17 21:40:42 UTC
Information about package
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Vulnerabilities description
- CVE-2024-46951
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
- CVE-2024-46952
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).
- CVE-2024-46953
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
- CVE-2024-46954
A flaw was found in Ghostscript/base/gp_utf8.c. This vulnerability allows directory traversal via overlong UTF-8 encoding, potentially leading to unauthorized access to filesystem directories.
- CVE-2024-46956
A flaw was found in Artifex Ghostscript's psi/zfile.c component. This vulnerability allows arbitrary code execution via out-of-bounds data access.
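The overlong-encoding class named in CVE-2024-46954 comes from decoders that accept a multi-byte UTF-8 sequence for a code point that fits in fewer bytes, so a path check on the raw bytes and the decoded path disagree. The strict decoder below is an added example, not Ghostscript's code or its patch; the function names `utf8_decode_strict` and `utf8_is_strict` and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode one UTF-8 sequence strictly. Returns bytes consumed (1-4), or 0 if
 * the sequence is truncated, malformed, overlong, a surrogate, or > U+10FFFF. */
size_t utf8_decode_strict(const unsigned char *s, size_t len, uint32_t *cp)
{
    /* Smallest code point that legitimately needs n bytes (index = n). */
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t n, i;
    uint32_t c;

    if (len == 0) return 0;
    if (s[0] < 0x80)                { *cp = s[0]; return 1; }
    else if ((s[0] & 0xE0) == 0xC0) { n = 2; c = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { n = 3; c = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { n = 4; c = s[0] & 0x07; }
    else return 0;                        /* stray continuation byte or 0xF8+ */

    if (len < n) return 0;                /* truncated sequence */
    for (i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;   /* not a continuation byte */
        c = (c << 6) | (s[i] & 0x3F);
    }
    if (c < min_cp[n]) return 0;          /* overlong: fits in fewer bytes */
    if (c >= 0xD800 && c <= 0xDFFF) return 0;  /* UTF-16 surrogate range */
    if (c > 0x10FFFF) return 0;           /* beyond Unicode */
    *cp = c;
    return n;
}

/* Returns 1 only if every sequence in the buffer is strictly valid UTF-8. */
int utf8_is_strict(const unsigned char *s, size_t len)
{
    size_t off = 0, n;
    uint32_t cp;
    while (off < len) {
        n = utf8_decode_strict(s + off, len - off, &cp);
        if (n == 0) return 0;
        off += n;
    }
    return 1;
}

int main(void)
{
    const unsigned char overlong_dot[] = { 0xC0, 0xAE };  /* constructed sample */
    printf("plain path strict: %d\n", utf8_is_strict((const unsigned char *)"out/p.png", 9));
    printf("overlong '.' strict: %d\n", utf8_is_strict(overlong_dot, sizeof overlong_dot));
    return 0;
}
```

Running a filename through a check like this before any path comparison means the bytes that are validated are the only representation of the path that later code can see.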
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2024-46951 | no information | 7.8 | no information |
NIST — CVE-2024-46952 | no information | 7.8 | no information |
NIST — CVE-2024-46953 | no information | 7.8 | no information |
NIST — CVE-2024-46954 | no information | 7.8 | no information |
NIST — CVE-2024-46956 | no information | 7.8 | no information |
Updated packages