An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-69af78a508 advisory.

    CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space     (fedora#2325238)

    2325241 - CVE-2024-46952 CVE-2024-46953 CVE-2024-46954 CVE-2024-46955 CVE-2024-46956 ghostscript: various     flaws [fedora-41]

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b1877232ce advisory.

    CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space     (fedora#2325237)

    2325240 - CVE-2024-46952 CVE-2024-46953 CVE-2024-46954 CVE-2024-46955 CVE-2024-46956 ghostscript: various     flaws

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Multiple vulnerabilities exist in Artifex Ghostscript versions prior to 10.04.0. See vendor advisory for more details. 

  - An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer     overflow during handling of a PDF XRef stream (related to W array values). (CVE-2024-46952)

  - An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong     UTF-8 encoding leads to possible ../ directory traversal. (CVE-2024-46954)

  - An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access     in filenameforall can lead to arbitrary code execution. (CVE-2024-46956) 

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7103-1 advisory.

    It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use     this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary     code. (CVE-2024-46951, CVE-2024-46953, CVE-2024-46955, CVE-2024-46956)

    It was discovered that Ghostscript incorrectly handled parsing certain PDF files. An attacker could use     this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary     code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2024-46952)

    It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use     this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly bypass file path     validation. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-46954)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5808 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5808-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     November 11, 2024                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : ghostscript     CVE ID         : CVE-2024-46951 CVE-2024-46952 CVE-2024-46953 CVE-2024-46955                      CVE-2024-46956

    Multiple security issues were discovered in Ghostscript, the GPL     PostScript/PDF interpreter, which could result in denial of service and     potentially the execution of arbitrary code if malformed document files     are processed.

    For the stable distribution (bookworm), these problems have been fixed in     version 10.0.0~dfsg-11+deb12u6.

    We recommend that you upgrade your ghostscript packages.

    For the detailed security status of ghostscript please refer to its     security tracker page at:
    https://security-tracker.debian.org/tracker/ghostscript

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3941-1 advisory.

    - CVE-2024-46951: Fixed arbitrary code execution via unchecked 'Implementation' pointer in 'Pattern' color     space (bsc#1232265).
    - CVE-2024-46953: Fixed integer overflow when parsing the page format results in path truncation, path     traversal, code execution (bsc#1232267).
    - CVE-2024-46956: Fixed arbitrary code execution via out of bounds data access in filenameforall     (bsc#1232270).
    - CVE-2024-46955: Fixed out of bounds read when reading color in 'Indexed' color space (bsc#1232269).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3942-1 advisory.

    - CVE-2024-46951: Fixed arbitrary code execution via unchecked 'Implementation' pointer in 'Pattern' color     space (bsc#1232265).
    - CVE-2024-46953: Fixed integer overflow when parsing the page format results in path truncation, path     traversal, code execution (bsc#1232267).
    - CVE-2024-46956: Fixed arbitrary code execution via out of bounds data access in filenameforall     (bsc#1232270).
    - CVE-2024-46955: Fixed out of bounds read when reading color in 'Indexed' color space (bsc#1232269).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
211497	Fedora 41 : ghostscript (2024-69af78a508)	Nessus	Fedora Local Security Checks	high
211481	Fedora 40 : ghostscript (2024-b1877232ce)	Nessus	Fedora Local Security Checks	high
210946	Artifex Ghostscript < 10.04.0 Multiple Vulnerabilities	Nessus	Windows	high
210776	Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Ghostscript vulnerabilities (USN-7103-1)	Nessus	Ubuntu Local Security Checks	high
210742	Debian dsa-5808 : ghostscript - security update	Nessus	Debian Local Security Checks	high
210578	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2024:3941-1)	Nessus	SuSE Local Security Checks	high
210577	SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:3942-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2024-46956

high

Tenable Plugins

high

high

high

high

high

high

high