Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9q8n-jfqs-bkg6
Vulnerability ID VCID-9q8n-jfqs-bkg6
Aliases CVE-2024-46952
Summary Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could lead to arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 7.6
Risk 3.8
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 7.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46952.json
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-46952
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-46952
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-46952
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-46952
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-46952
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-46952
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-46952
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-46952
cvssv3.1 8.4 https://bugs.ghostscript.com/show_bug.cgi?id=708001
ssvc Track https://bugs.ghostscript.com/show_bug.cgi?id=708001
cvssv3.1 8.4 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f
ssvc Track https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.4 https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html
ssvc Track https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46952.json
https://api.first.org/data/v1/epss?cve=CVE-2024-46952
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2325041 https://bugzilla.redhat.com/show_bug.cgi?id=2325041
GLSA-202501-06 https://security.gentoo.org/glsa/202501-06
?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f
News.html https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html
RHSA-2025:4362 https://access.redhat.com/errata/RHSA-2025:4362
RHSA-2025:7422 https://access.redhat.com/errata/RHSA-2025:7422
RHSA-2025:7499 https://access.redhat.com/errata/RHSA-2025:7499
show_bug.cgi?id=708001 https://bugs.ghostscript.com/show_bug.cgi?id=708001
USN-7103-1 https://usn.ubuntu.com/7103-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46952.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugs.ghostscript.com/show_bug.cgi?id=708001
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-12T20:27:55Z/ Found at https://bugs.ghostscript.com/show_bug.cgi?id=708001
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-12T20:27:55Z/ Found at https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-12T20:27:55Z/ Found at https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.21829
EPSS Score 0.00071
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:10:21.491371+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202501-06 38.0.0