The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5808 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5808-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     November 11, 2024                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : ghostscript     CVE ID         : CVE-2024-46951 CVE-2024-46952 CVE-2024-46953 CVE-2024-46955                      CVE-2024-46956

    Multiple security issues were discovered in Ghostscript, the GPL     PostScript/PDF interpreter, which could result in denial of service and     potentially the execution of arbitrary code if malformed document files     are processed.

    For the stable distribution (bookworm), these problems have been fixed in     version 10.0.0~dfsg-11+deb12u6.

    We recommend that you upgrade your ghostscript packages.

    For the detailed security status of ghostscript please refer to its     security tracker page at:
    https://security-tracker.debian.org/tracker/ghostscript

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dsa-5808 : ghostscript - security update

high Nessus Plugin ID 210742

Version 1.2

Version 1.1

Version 1.2 Nov 13, 2024, 9:36 AM CVSS metrics ("CVSSv3 score" set to 8.4) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2024-46952") Plugin Feed: 202411130936
Version 1.1 Nov 11, 2024, 10:02 PM New Plugin Feed: 202411112202