Описание
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
A flaw was found in Artifex Ghostscript, specifically in the decode_utf8 function within base/gp_utf8.c. The issue arises from the mishandling of overlong UTF-8 encoding, which can lead to unexpected behavior when processing certain inputs. This flaw could allow an attacker to manipulate text encoding, potentially leading to incorrect processing of UTF-8 characters or unexpected application behavior, and exists because of an incomplete fix for CVE-2024-46954.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | ghostscript | Fix deferred | ||
| Red Hat Enterprise Linux 6 | ghostscript | Fix deferred | ||
| Red Hat Enterprise Linux 7 | ghostscript | Fix deferred | ||
| Red Hat Enterprise Linux 8 | ghostscript | Fix deferred | ||
| Red Hat Enterprise Linux 9 | ghostscript | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4.5 Medium
CVSS3
Связанные уязвимости
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c m ...
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
EPSS
4.5 Medium
CVSS3