CVE-2024-46954 – A directory traversal vulnerability in Ghostscr... (How to Fix)

Q: What is the severity of CVE-2024-46954?

CVE-2024-46954 has a CVSS score of 7.8 (HIGH). A directory traversal vulnerability in Ghostscript's UTF-8 decoder allows attackers to escape directory restrictions via specially crafted overlong UTF-8 sequences. This affects systems processing untrusted PostScript, PDF, or EPS files with Ghostscript versions before 10.04.0. The vulnerability could allow reading or writing files outside intended directories.

📋 TL;DR

A directory traversal vulnerability in Ghostscript's UTF-8 decoder allows attackers to escape directory restrictions via specially crafted overlong UTF-8 sequences. This affects systems processing untrusted PostScript, PDF, or EPS files with Ghostscript versions before 10.04.0. The vulnerability could allow reading or writing files outside intended directories.

💻 Affected Systems

Products:

Artifex Ghostscript
Applications using Ghostscript library (e.g., ImageMagick, GIMP, document converters)

Versions: All versions before 10.04.0

Operating Systems: All platforms where Ghostscript is installed

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability triggers when processing files with overlong UTF-8 sequences that decode to '../' directory traversal sequences.

📦 What is this software?

Ghostscript by Artifex

View all CVEs affecting Ghostscript →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary file read/write leading to sensitive data exposure, file corruption, or potential remote code execution if combined with other vulnerabilities.

🟠

Likely Case

Unauthorized file access allowing attackers to read sensitive configuration files or write malicious files to unexpected locations.

🟢

If Mitigated

Limited impact if Ghostscript runs in sandboxed environments with strict file system restrictions and processes only trusted documents.

🌐 Internet-Facing: HIGH - Web applications converting user-uploaded PDF/PostScript files are directly exposed.

🏢 Internal Only: MEDIUM - Internal document processing systems could be exploited via malicious documents.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW - Requires only a malicious document file.

Exploitation requires the attacker to provide a malicious document file to a vulnerable Ghostscript instance.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.04.0

Vendor Advisory: https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html

Restart Required: No

Instructions:

1. Download Ghostscript 10.04.0 or later from official sources. 2. Compile and install following vendor instructions. 3. Restart any services using Ghostscript.

🔧 Temporary Workarounds

Enable SAFER mode

all

Run Ghostscript with -dSAFER flag to restrict file system access.

gs -dSAFER -sDEVICE=... input.ps

Disable UTF-8 processing

all

Configure applications to avoid UTF-8 processing in Ghostscript if possible.

🧯 If You Can't Patch

Isolate Ghostscript processes using containerization or sandboxing with minimal file system permissions.
Implement strict input validation to reject documents with suspicious UTF-8 sequences before Ghostscript processing.

🔍 How to Verify

Check if Vulnerable:

Check Ghostscript version: gs --version. If version is below 10.04.0, system is vulnerable.

Check Version:

gs --version

Verify Fix Applied:

After patching, verify version is 10.04.0 or higher and test with known safe documents.

📡 Detection & Monitoring

Log Indicators:

Ghostscript error logs showing UTF-8 decoding failures
Unexpected file access patterns in system logs

Network Indicators:

Large volumes of document uploads to conversion services

SIEM Query:

source="ghostscript.log" AND ("UTF-8" OR "decode" OR "traversal")

📊 Metadata

CVE ID: CVE-2024-46954

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: November 10, 2024

Last Updated: August 15, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-46954, you might also want to check these: