{"id":"CVE-2024-46952","details":"An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).","modified":"2026-05-19T08:30:07.168066Z","published":"2024-11-10T00:00:00Z","related":["ALSA-2025:4362","ALSA-2025:7422","openSUSE-SU-2024:14423-1"],"database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/46xxx/CVE-2024-46952.json"},"references":[{"type":"WEB","url":"https://bugs.ghostscript.com/show_bug.cgi?id=708001"},{"type":"WEB","url":"https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f"},{"type":"WEB","url":"https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/46xxx/CVE-2024-46952.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46952"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/artifexsoftware/ghostpdl","events":[{"introduced":"0"},{"fixed":"df8f4966577fff70320be2eb33cb55eb15d05d52"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"10.04.0"}],"source":"DESCRIPTION"}}],"versions":["ghostpdl-10.04.0rc2_test001","ghostpdl-10.04.0rc1","ghostpdl-10.04.0rc1_test001","robin_test_ref","ghostpdl-10.01.1-gse-10174","ghostpdl-10.02.0-test-base-001","ken_20220210_baseline","ghostpdl-9.56.0-test-base-5","ghostpdl-9.56.0-test-base-4","ghostpdl-9.56.0-test-base-3","ghostpdl-9.56.0-test-base-2","ghostpdl-9.56.0-test-base-0","ghostpdl-9.55-test-base-0","ghostpdl-9.54.0-test-base-0","ghostpdl-9.52-test-base-4","ghostpdl-9.52-test-base-3","ghostpdl-9.52-test-base-1","chrisl-test","jbig2dec-0.14","ghostpdl-9.02","ghostpdl","ghostscript-9.02","ghostscript-9.01","ghostpdl-9.01","ghostpdl-9.00","ghostpdl-8.71","ghostscript-8.71","ghostpdl-8.70","ghostscript-8.70","ghostpdl-ebuild","ghostpdl-1.54","ghostscript-8.64","ghostpdl-1.53","ghostscript-8.63","ghostscript-8.62","ghostscript-8.61","ghostscript-8.60","ghostscript-8.57","ghostscript-8.56","ghostscript-8.53","ghostscript-8.52","ghostscript-8.51","ghostscript-8.50","ghostscript-8.33","ghostscript-8.32","ghostscript-8.31","ghostscript-8.30","ghostscript-8.12","ghostscript-8.11","ghostscript-8.10","ghostscript-8.15","ghostscript-8.14","ghostscript-8.13","ghostscript-8.00","ghostscript-8.01","ghostscript-7.33","ghostscript-7.32","ghostscript-7.31","ghostscript-7.30","ghostscript-7.22","ghostscript-7.21","ghostscript-7.20","ghostscript-7.03","ghostscript-7.04","ghostscript-7.02","ghostscript-7.00","ghostscript-6.64","ghostscript-6.63","ghostscript-6.62","ghostscript-6.61","ghostscript-6.60","ghostscript-6.30","ghostscript-6.50","ghostscript-6.32","ghostscript-6.31","ghostscript-6.23","ghostscript-6.22","ghostscript-6.21","ghostscript-6.20","ghostscript-6.01","ghostscript-6.0"],"database_specific":{"vanir_signatures_modified":"2026-05-19T08:30:07Z","vanir_signatures":[{"target":{"file":"base/gscdefs.h"},"source":"https://github.com/artifexsoftware/ghostpdl/commit/df8f4966577fff70320be2eb33cb55eb15d05d52","signature_version":"v1","signature_type":"Line","id":"CVE-2024-46952-678ed2ab","deprecated":false,"digest":{"line_hashes":["51349389685971879127722065848668744976","38793997789482228263181637852994441109","236140452785076161394171543611930980858","252281609283495551321526765862374920250"],"threshold":0.9}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46952.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}