Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for linux_enterprise_server_for_sap by suse
CVE-2025-32463 (GCVE-0-2025-32463)
Vulnerability from nvd – Published: 2025-06-30 00:00 – Updated: 2026-02-26 17:50
VLAI?
Summary
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Severity ?
9.3 (Critical)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sudo project | Sudo |
Affected:
1.9.14 , < 1.9.17p1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32463",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-27T03:55:22.188746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:20.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-29T00:00:00.000Z",
"value": "CVE-2025-32463 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sudo",
"vendor": "Sudo project",
"versions": [
{
"lessThan": "1.9.17p1",
"status": "affected",
"version": "1.9.14",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.17p1",
"versionStartIncluding": "1.9.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T14:59:53.402Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sudo.ws/security/advisories/"
},
{
"url": "https://www.sudo.ws/releases/changelog/"
},
{
"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/06/30/3"
},
{
"url": "https://access.redhat.com/security/cve/cve-2025-32463"
},
{
"url": "https://ubuntu.com/security/notices/USN-7604-1"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-32463"
},
{
"url": "https://explore.alas.aws.amazon.com/CVE-2025-32463.html"
},
{
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463"
},
{
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/"
},
{
"url": "https://www.suse.com/security/cve/CVE-2025-32463.html"
},
{
"url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"
},
{
"url": "https://www.sudo.ws/security/advisories/chroot_bug/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32463",
"datePublished": "2025-06-30T00:00:00.000Z",
"dateReserved": "2025-04-09T00:00:00.000Z",
"dateUpdated": "2026-02-26T17:50:20.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46956 (GCVE-0-2024-46956)
Vulnerability from nvd – Published: 2024-11-10 00:00 – Updated: 2025-11-03 22:19
VLAI?
Summary
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:ghostscript:10.04.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghostscript",
"vendor": "artifex",
"versions": [
{
"status": "affected",
"version": "10.04.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T03:55:57.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:54.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-10T21:23:15.906Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707895"
},
{
"url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
},
{
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46956",
"datePublished": "2024-11-10T00:00:00.000Z",
"dateReserved": "2024-09-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T22:19:54.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46955 (GCVE-0-2024-46955)
Vulnerability from nvd – Published: 2024-11-10 00:00 – Updated: 2025-11-03 22:19
VLAI?
Summary
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:ghostscript:10.04.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghostscript",
"vendor": "artifex",
"versions": [
{
"status": "affected",
"version": "10.04.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T19:58:59.187779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:05:30.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:53.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-10T21:20:48.522Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707990"
},
{
"url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
},
{
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46955",
"datePublished": "2024-11-10T00:00:00.000Z",
"dateReserved": "2024-09-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T22:19:53.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46953 (GCVE-0-2024-46953)
Vulnerability from nvd – Published: 2024-11-10 00:00 – Updated: 2025-11-03 22:19
VLAI?
Summary
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:ghostscript:10.04.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghostscript",
"vendor": "artifex",
"versions": [
{
"status": "affected",
"version": "10.04.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T19:59:32.165336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:19:56.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:52.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-10T21:14:20.813Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707793"
},
{
"url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
},
{
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46953",
"datePublished": "2024-11-10T00:00:00.000Z",
"dateReserved": "2024-09-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T22:19:52.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46951 (GCVE-0-2024-46951)
Vulnerability from nvd – Published: 2024-11-10 00:00 – Updated: 2025-11-03 22:19
VLAI?
Summary
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:ghostscript:10.04.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghostscript",
"vendor": "artifex",
"versions": [
{
"status": "affected",
"version": "10.04.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T19:59:49.348169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:22:36.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:50.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-10T21:08:22.555Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707991"
},
{
"url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8"
},
{
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46951",
"datePublished": "2024-11-10T00:00:00.000Z",
"dateReserved": "2024-09-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T22:19:50.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-5898 (GCVE-0-2017-5898)
Vulnerability from nvd – Published: 2017-03-15 19:00 – Updated: 2024-08-05 15:11
VLAI?
Summary
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2017-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2017:0582",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/3"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "SUSE-SU-2017:0570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html"
},
{
"name": "96112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
},
{
"name": "RHSA-2017:1856",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2017:0582",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/3"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "SUSE-SU-2017:0570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html"
},
{
"name": "96112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
},
{
"name": "RHSA-2017:1856",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2017:0582",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/3"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "SUSE-SU-2017:0570",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html"
},
{
"name": "96112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96112"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
},
{
"name": "RHSA-2017:1856",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5898",
"datePublished": "2017-03-15T19:00:00.000Z",
"dateReserved": "2017-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:11:48.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32463 (GCVE-0-2025-32463)
Vulnerability from cvelistv5 – Published: 2025-06-30 00:00 – Updated: 2026-02-26 17:50
VLAI?
Summary
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Severity ?
9.3 (Critical)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sudo project | Sudo |
Affected:
1.9.14 , < 1.9.17p1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32463",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-27T03:55:22.188746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:20.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-29T00:00:00.000Z",
"value": "CVE-2025-32463 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sudo",
"vendor": "Sudo project",
"versions": [
{
"lessThan": "1.9.17p1",
"status": "affected",
"version": "1.9.14",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.17p1",
"versionStartIncluding": "1.9.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T14:59:53.402Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sudo.ws/security/advisories/"
},
{
"url": "https://www.sudo.ws/releases/changelog/"
},
{
"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/06/30/3"
},
{
"url": "https://access.redhat.com/security/cve/cve-2025-32463"
},
{
"url": "https://ubuntu.com/security/notices/USN-7604-1"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-32463"
},
{
"url": "https://explore.alas.aws.amazon.com/CVE-2025-32463.html"
},
{
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463"
},
{
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/"
},
{
"url": "https://www.suse.com/security/cve/CVE-2025-32463.html"
},
{
"url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"
},
{
"url": "https://www.sudo.ws/security/advisories/chroot_bug/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32463",
"datePublished": "2025-06-30T00:00:00.000Z",
"dateReserved": "2025-04-09T00:00:00.000Z",
"dateUpdated": "2026-02-26T17:50:20.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46953 (GCVE-0-2024-46953)
Vulnerability from cvelistv5 – Published: 2024-11-10 00:00 – Updated: 2025-11-03 22:19
VLAI?
Summary
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:ghostscript:10.04.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghostscript",
"vendor": "artifex",
"versions": [
{
"status": "affected",
"version": "10.04.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T19:59:32.165336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:19:56.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:52.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-10T21:14:20.813Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707793"
},
{
"url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
},
{
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46953",
"datePublished": "2024-11-10T00:00:00.000Z",
"dateReserved": "2024-09-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T22:19:52.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46956 (GCVE-0-2024-46956)
Vulnerability from cvelistv5 – Published: 2024-11-10 00:00 – Updated: 2025-11-03 22:19
VLAI?
Summary
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:ghostscript:10.04.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghostscript",
"vendor": "artifex",
"versions": [
{
"status": "affected",
"version": "10.04.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T03:55:57.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:54.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-10T21:23:15.906Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707895"
},
{
"url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
},
{
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46956",
"datePublished": "2024-11-10T00:00:00.000Z",
"dateReserved": "2024-09-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T22:19:54.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46951 (GCVE-0-2024-46951)
Vulnerability from cvelistv5 – Published: 2024-11-10 00:00 – Updated: 2025-11-03 22:19
VLAI?
Summary
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:ghostscript:10.04.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghostscript",
"vendor": "artifex",
"versions": [
{
"status": "affected",
"version": "10.04.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T19:59:49.348169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:22:36.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:50.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-10T21:08:22.555Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707991"
},
{
"url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8"
},
{
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46951",
"datePublished": "2024-11-10T00:00:00.000Z",
"dateReserved": "2024-09-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T22:19:50.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46955 (GCVE-0-2024-46955)
Vulnerability from cvelistv5 – Published: 2024-11-10 00:00 – Updated: 2025-11-03 22:19
VLAI?
Summary
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:ghostscript:10.04.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghostscript",
"vendor": "artifex",
"versions": [
{
"status": "affected",
"version": "10.04.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T19:58:59.187779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:05:30.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:53.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-10T21:20:48.522Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707990"
},
{
"url": "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
},
{
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46955",
"datePublished": "2024-11-10T00:00:00.000Z",
"dateReserved": "2024-09-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T22:19:53.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-5898 (GCVE-0-2017-5898)
Vulnerability from cvelistv5 – Published: 2017-03-15 19:00 – Updated: 2024-08-05 15:11
VLAI?
Summary
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2017-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2017:0582",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/3"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "SUSE-SU-2017:0570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html"
},
{
"name": "96112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
},
{
"name": "RHSA-2017:1856",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2017:0582",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/3"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "SUSE-SU-2017:0570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html"
},
{
"name": "96112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
},
{
"name": "RHSA-2017:1856",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2017:0582",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/3"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "SUSE-SU-2017:0570",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html"
},
{
"name": "96112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96112"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
},
{
"name": "RHSA-2017:1856",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5898",
"datePublished": "2017-03-15T19:00:00.000Z",
"dateReserved": "2017-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:11:48.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}