Cyber Resilience

CVE-2024-46956

High

Published: 10 November 2024

Modified: 03 November 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0030 (53.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-46956 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in SUSE Linux Enterprise Server. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked in the top 46.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

Vulnerability details

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

CVE-2024-46956 enables arbitrary code execution via out-of-bounds data access in Ghostscript's filenameforall function when processing malicious PostScript or PDF files, facilitating Exploitation for Client Execution.

Affected Assets

Vendor    Product                                        Version
artifex   ghostscript                                    ≤ 10.04.0
debian    debian linux                                   12.0
suse      linux enterprise high performance computing    12.0
suse      linux enterprise server                        12
suse      linux enterprise server for sap                12

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References