Description
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages2 packages
🔴Vulnerability Details
4GHSAGHSA-rmm8-wf49-vvww: An issue was discovered in Artifex Ghostscript before 10↗2025-03-25 OSVCVE-2025-27837: An issue was discovered in Artifex Ghostscript before 10↗2025-03-25 CVEListCVE-2025-27837: An issue was discovered in Artifex Ghostscript before 10↗2025-03-25 OSVCVE-2025-27837: Access to arbitrary files through truncated path with invalid UTF-8↗2025-03-19 📋Vendor Advisories
2Red HatGhostscript: Access to arbitrary files through truncated path with invalid UTF-8↗2025-03-25 DebianCVE-2025-27837: ghostscript - An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitra...↗2025