
CVE-2024-46956: n/a

Severity: High
Type: Vulnerability
Published: Sun Nov 10 2024 (11/10/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.

AI-Powered Analysis

Last updated: 11/03/2025, 22:47:08 UTC

Technical Analysis

CVE-2024-46956 is a vulnerability in the psi/zfile.c source file of Artifex Ghostscript versions before 10.04.0. The issue is an out-of-bounds data access in the filenameforall function, which is part of the file handling subsystem. This memory safety flaw is classified under CWE-125 (Out-of-bounds Read). Exploiting it can lead to arbitrary code execution, enabling an attacker to run malicious code with the privileges of the Ghostscript process.

The CVSS 3.1 base score is 7.8, indicating high severity: the attack vector is local (AV:L), attack complexity is low (AC:L), no privileges are required (PR:N), and user interaction is required (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No public exploits have been reported yet, but the vulnerability poses a significant risk because Ghostscript is widely used for processing PostScript and PDF files in various applications and services. The record carries no patch link, so users should monitor official channels for updates or consider workarounds to mitigate risk until a patch is available; the description identifies versions before 10.04.0 as affected.

Potential Impact

The vulnerability allows arbitrary code execution, which can compromise the confidentiality, integrity, and availability of affected systems. For European organizations, this means that attackers could potentially execute malicious code locally, leading to data breaches, system compromise, or denial of service. Organizations that rely on Ghostscript for document processing, especially in sectors like government, finance, publishing, and legal services, are at higher risk. The requirement for local access and user interaction limits remote exploitation but does not eliminate risk, as attackers could leverage social engineering or insider threats. The high impact on all security properties makes this vulnerability critical for environments where Ghostscript is integrated into automated workflows or exposed to untrusted inputs.

Mitigation Recommendations

1. Upgrade to Artifex Ghostscript version 10.04.0 or later as soon as the patch becomes available.
2. Until patched, restrict access to systems running vulnerable Ghostscript versions, limiting user permissions and network exposure.
3. Implement strict input validation and sandboxing for any service or application invoking Ghostscript to process untrusted files.
4. Monitor logs for unusual activity related to Ghostscript usage, especially attempts to process malformed or suspicious PostScript/PDF files.
5. Educate users about the risks of opening untrusted documents that might trigger Ghostscript processing.
6. Consider disabling or replacing Ghostscript in workflows where feasible, or use containerization to isolate its execution environment.
7. Stay updated with vendor advisories and threat intelligence feeds for any emerging exploit information.
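To act on item 1 across a fleet, the following added example (not part of the CVE record or any Artifex tooling) classifies collected `gs --version` output against the 10.04.0 boundary given in the description. The inventory line format, host names and sample versions are assumptions constructed for the example.

```python
"""Flag Ghostscript installs older than 10.04.0, the boundary in CVE-2024-46956."""
import re

FIXED = (10, 4, 0)  # from the CVE description: affected "before 10.04.0"
_VERSION_RE = re.compile(r"\b(\d{1,2})\.(\d{1,2})(?:\.(\d{1,2}))?\b")


def parse_version(text):
    """Return (major, minor, patch) from `gs --version` style output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # int() drops the zero padding, so "10.04.0" becomes (10, 4, 0); comparing
    # the raw strings would rank "9.56.1" above "10.03.1".
    return tuple(int(part or 0) for part in m.groups())


def classify(text):
    """Return 'vulnerable', 'fixed', or 'unknown' (unparsable: check by hand)."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    return "vulnerable" if version < FIXED else "fixed"


def audit(inventory_lines):
    """Map host -> status for lines shaped '<host> <gs --version output>'."""
    report = {}
    for line in inventory_lines:
        host, _, reported = line.strip().partition(" ")
        if host:
            report[host] = classify(reported)
    return report


# Constructed sample inventory: hosts and versions are made up for the example.
SAMPLE = [
    "print-01 9.56.1",
    "render-02 10.03.1",
    "render-03 10.04.0",
    "build-04 10.05.1",
    "legacy-05 gs: command failed",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Distribution packages that backport the fix under an older upstream version number will show as vulnerable here, so confirm those against the distributor's advisory.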


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2024-09-16T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69092b7735043901e828cb48

Added to database: 11/3/2025, 10:23:51 PM

Last enriched: 11/3/2025, 10:47:08 PM

Last updated: 11/4/2025, 11:00:55 PM
