Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-46646

Опубликовано: 26 апр. 2025
Источник: redhat
CVSS3: 4.5
EPSS Низкий

Описание

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

A flaw was found in Artifex Ghostscript, specifically in the decode_utf8 function within base/gp_utf8.c. The issue arises from the mishandling of overlong UTF-8 encoding, which can lead to unexpected behavior when processing certain inputs. This flaw could allow an attacker to manipulate text encoding, potentially leading to incorrect processing of UTF-8 characters or unexpected application behavior, and exists because of an incomplete fix for CVE-2024-46954.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10ghostscriptFix deferred
Red Hat Enterprise Linux 6ghostscriptFix deferred
Red Hat Enterprise Linux 7ghostscriptFix deferred
Red Hat Enterprise Linux 8ghostscriptFix deferred
Red Hat Enterprise Linux 9ghostscriptFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-24
https://bugzilla.redhat.com/show_bug.cgi?id=2362446Ghostscript: Mishandling of Overlong UTF-8 Encoding in Artifex Ghostscript's decode_utf8 Function

EPSS

Процентиль: 6%
0.00025
Низкий

4.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-46646

CVSS3: 4.5
ubuntu
10 месяцев назад

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

nvd логотип

CVE-2025-46646

CVSS3: 4.5
nvd
10 месяцев назад

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

debian логотип

CVE-2025-46646

CVSS3: 4.5
debian
10 месяцев назад

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c m ...

github логотип

GHSA-56g6-5g9j-wjc3

CVSS3: 4.5
github
10 месяцев назад

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

fstec логотип

BDU:2025-11969

CVSS3: 4.5
fstec
10 месяцев назад

Уязвимость функции decode_utf8 компонента base/gp_utf8.c набора программного обеспечения обработки документов Ghostscript, озволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

EPSS

Процентиль: 6%
0.00025
Низкий

4.5 Medium

CVSS3