An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.
The vulnerability results from a text buffer overflow (CWE-120 — classic buffer overflow) in the file devices/vector/doc_common.c, which handles DOCXWRITE and TXTWRITE devices. Triggering the error requires passing a character or string of excessive length to the vulnerable device. Lack of proper validation of input data length causes memory to be overwritten beyond the intended buffer, which can lead to gaining control over program execution flow.
An attacker can gain full control over the confidentiality, integrity, and availability of the system — including executing arbitrary code (RCE) in the context of the Ghostscript process. In practice, compromise of a system processing documents is possible.
Artifex Ghostscript should be updated to version 10.05.0 or later. Debian distribution users should apply updates published in the debian-lts-announce channel (April 2025). In environments where immediate updates are not possible, processing of untrusted documents by Ghostscript should be restricted and the process should be isolated in an environment with limited privileges (e.g., sandbox, container).
Artifex Ghostscript in all versions before 10.05.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArtifex Ghostscript
APPArtifex< 10.05.0
Related vulnerabilities
Path Traversal w Artifex Ghostscript przez nieprawidłowe znaki UTF-8
Buffer overflow w urządzeniu NPDL Artifex Ghostscript (kompresja)
Buffer overflow w urządzeniu BJ10V w Artifex Ghostscript
Artifex Ghostscript — out-of-bounds write i use-after-free w obsłudze txtwrite
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data int...