ALT-PU-2025-6828-2 — ghostscript

BDU:2025-03704

HIGH7.8

Уязвимость функции Type 4 файла pdf/pdf_func.c набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю выполнить произвольный код

Published: 2025-04-02Modified: 2026-03-04

CVSS 3.xHIGH 7.8

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2025-27834

BDU:2025-03705

CRITICAL9.8

Уязвимость файла contrib/japanese/gdevnpdl.c компонента NPDL Device набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю выполнить произвольный код

Published: 2025-04-02Modified: 2026-03-04

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-03706

HIGH7.8

Уязвимость файла psi/zbfont.c набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю выполнить произвольный код

Published: 2025-04-02Modified: 2026-03-04

CVSS 3.xHIGH 7.8

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-03707

CRITICAL9.8

Уязвимость функции bj10v_print_page() файла contrib/japanese/gdev10v.c компонента BJ10V Device набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Published: 2025-04-02Modified: 2026-03-04

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-03708

CRITICAL9.8

Уязвимость функции gp_open_scratch_file_impl() файлов base/gp_mswin.c и base/winrtsup.cpp набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю читать произвольные файлы

Published: 2025-04-02Modified: 2025-09-24

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2025-27837

BDU:2025-03710

HIGH7.8

Уязвимость файлов base/write_t1.c и psi/zfapi.c компонента DollarBlend набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю выполнить произвольный код

Published: 2025-04-02Modified: 2026-03-04

CVSS 3.xHIGH 7.8

CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2025-27830

BDU:2025-03711

CRITICAL9.8

Уязвимость функции txt_get_unicode() файла devices/vector/doc_common.c набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю выполнить произвольный код

Published: 2025-04-02Modified: 2026-03-04

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2025-27831

BDU:2025-06028

MEDIUM4.0

Уязвимость функции gs_lib_ctx_stash_sanitized_arg файла base/gslibctx.c набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2025-05-27Modified: 2025-09-24

CVSS 3.xMEDIUM 4.0

CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

References

CVE-2025-48708

BDU:2025-11415

MEDIUM6.3

Уязвимость файла pdf/pdf_fmap.c компонента TTF набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-09-22Modified: 2026-03-04

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2025-27833

BDU:2025-11969

MEDIUM4.5

Уязвимость функции decode_utf8 компонента base/gp_utf8.c набора программного обеспечения обработки документов Ghostscript, озволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

Published: 2025-09-28Modified: 2025-10-14

CVSS 3.xMEDIUM 4.5

CVSS:3.x/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:L/AC:H/Au:N/C:P/I:P/A:N

References

CVE-2025-46646

CVE-2025-27830

HIGH7.8

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.

Published: 2025-03-25Modified: 2025-11-03

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2025-27831

CRITICAL9.8

An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.

Published: 2025-03-25Modified: 2025-11-03

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2025-27832

CRITICAL9.8

An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.

Published: 2025-03-25Modified: 2025-11-03

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2025-27833

HIGH7.8

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.

Published: 2025-03-25Modified: 2025-04-01

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

https://bugs.ghostscript.com/show_bug.cgi?id=708259

CVE-2025-27834

HIGH7.8

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.

Published: 2025-03-25Modified: 2025-04-01

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

https://bugs.ghostscript.com/show_bug.cgi?id=708253

CVE-2025-27835

HIGH7.8

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.

Published: 2025-03-25Modified: 2025-11-03

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2025-27836

CRITICAL9.8

An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.

Published: 2025-03-25Modified: 2025-11-03

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2025-27837

CRITICAL9.8

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

Published: 2025-03-25Modified: 2025-04-01

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://bugs.ghostscript.com/show_bug.cgi?id=708238

CVE-2025-46646

MEDIUM4.5

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

Published: 2025-04-26Modified: 2025-06-23

CVSS 3.xMEDIUM 4.5

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

References

CVE-2025-48708

LOW3.3

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

Published: 2025-05-23Modified: 2025-06-20

CVSS 3.xLOW 3.3

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

Package update ghostscript in branch sisyphus

Closed issues (20)

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.

An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.

An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.

An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.