An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
The vulnerability classified as CWE-120 (classic buffer overflow) involves improper handling of a compression buffer in the NPDL device driver. When processing specially crafted input, the compression module writes data beyond the boundaries of the allocated buffer in memory. The network attack vector without required privileges and user interaction indicates that the exploit can be triggered by delivering a malicious document to a system using Ghostscript.
An attacker can gain full control over a vulnerable system through remote code execution (RCE), as well as cause violations of data confidentiality, integrity, and availability.
Artifex Ghostscript should be updated to version 10.05.0 or later. Users of Debian distributions should apply updates published as part of debian-lts-announce (April 2025). Patch details are available in manufacturer references.
Artifex Ghostscript in all versions before 10.05.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArtifex Ghostscript
APPArtifex< 10.05.0
Related vulnerabilities
Path Traversal w Artifex Ghostscript przez nieprawidłowe znaki UTF-8
Buffer overflow w Artifex Ghostscript — urządzenie DOCXWRITE/TXTWRITE
Buffer overflow w urządzeniu BJ10V w Artifex Ghostscript
Artifex Ghostscript — out-of-bounds write i use-after-free w obsłudze txtwrite
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data int...