CRITICAL🇵🇱 Wersja polska

CVE-2025-27832

CVSS 9.8v3.1pub. 2025-03-25upd. 2025-11-03

An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-120 (classic buffer overflow) involves improper handling of a compression buffer in the NPDL device driver. When processing specially crafted input, the compression module writes data beyond the boundaries of the allocated buffer in memory. The network attack vector without required privileges and user interaction indicates that the exploit can be triggered by delivering a malicious document to a system using Ghostscript.

Impact

An attacker can gain full control over a vulnerable system through remote code execution (RCE), as well as cause violations of data confidentiality, integrity, and availability.

Mitigation & patch

Artifex Ghostscript should be updated to version 10.05.0 or later. Users of Debian distributions should apply updates published as part of debian-lts-announce (April 2025). Patch details are available in manufacturer references.

Who is affected

Artifex Ghostscript in all versions before 10.05.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Artifex Ghostscript

    APP
    Artifex
    < 10.05.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-27837CRITICAL9.8PL ✓ten sam produkt

Path Traversal w Artifex Ghostscript przez nieprawidłowe znaki UTF-8

CVE-2025-27831CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Artifex Ghostscript — urządzenie DOCXWRITE/TXTWRITE

CVE-2025-27836CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w urządzeniu BJ10V w Artifex Ghostscript

CVE-2020-36773CRITICAL9.8PL ✓ten sam produkt

Artifex Ghostscript — out-of-bounds write i use-after-free w obsłudze txtwrite

CVE-2023-28879CRITICAL9.8ten sam produkt

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data int...