An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
A buffer overflow error (CWE-120) occurs in the file contrib/japanese/gdev10v.c, responsible for handling the BJ10V device driver. During print data processing, it is possible to overflow a buffer in memory, leading to overwriting of adjacent memory areas of the process. An attacker can provide a crafted document or input data that triggers this error without the need to possess privileges or user interaction.
Successful exploitation of the vulnerability may allow an attacker to gain full control over the Ghostscript process, including remote code execution (RCE), disclosure of sensitive data, and disruption of service availability.
Artifex Ghostscript should be updated to version 10.05.0 or later. Users of Debian distributions should apply available security packages in accordance with the debian-lts-announce announcement from April 2025.
Artifex Ghostscript in all versions before 10.05.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArtifex Ghostscript
APPArtifex< 10.05.0
Related vulnerabilities
Path Traversal w Artifex Ghostscript przez nieprawidłowe znaki UTF-8
Buffer overflow w Artifex Ghostscript — urządzenie DOCXWRITE/TXTWRITE
Buffer overflow w urządzeniu NPDL Artifex Ghostscript (kompresja)
Artifex Ghostscript — out-of-bounds write i use-after-free w obsłudze txtwrite
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data int...