CRITICAL🇵🇱 Wersja polska

CVE-2025-27836

CVSS 9.8v3.1pub. 2025-03-25upd. 2025-11-03

An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.

🤖 AI Analysis
How it works

A buffer overflow error (CWE-120) occurs in the file contrib/japanese/gdev10v.c, responsible for handling the BJ10V device driver. During print data processing, it is possible to overflow a buffer in memory, leading to overwriting of adjacent memory areas of the process. An attacker can provide a crafted document or input data that triggers this error without the need to possess privileges or user interaction.

Impact

Successful exploitation of the vulnerability may allow an attacker to gain full control over the Ghostscript process, including remote code execution (RCE), disclosure of sensitive data, and disruption of service availability.

Mitigation & patch

Artifex Ghostscript should be updated to version 10.05.0 or later. Users of Debian distributions should apply available security packages in accordance with the debian-lts-announce announcement from April 2025.

Who is affected

Artifex Ghostscript in all versions before 10.05.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Artifex Ghostscript

    APP
    Artifex
    < 10.05.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-27837CRITICAL9.8PL ✓ten sam produkt

Path Traversal w Artifex Ghostscript przez nieprawidłowe znaki UTF-8

CVE-2025-27831CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Artifex Ghostscript — urządzenie DOCXWRITE/TXTWRITE

CVE-2025-27832CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w urządzeniu NPDL Artifex Ghostscript (kompresja)

CVE-2020-36773CRITICAL9.8PL ✓ten sam produkt

Artifex Ghostscript — out-of-bounds write i use-after-free w obsłudze txtwrite

CVE-2023-28879CRITICAL9.8ten sam produkt

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data int...