Cyber Resilience

CVE-2024-46953

Severity: High
Published: 10 November 2024
Modified: 03 November 2025
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-46953 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in SUSE Linux Enterprise Server. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It ranks at the 28.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

CVE-2024-46953 enables arbitrary code execution via integer overflow in Ghostscript's filename parsing, facilitating exploitation of client-side software when processing malicious PostScript/PDF files.

Affected Assets

Vendor · Product · Version
artifex · ghostscript · ≤ 10.04.0
debian · debian linux · 12.0
suse · linux enterprise high performance computing · 12.0
suse · linux enterprise server · 12
suse · linux enterprise server for sap · 12

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
