CVE-2025-27837
published 2025-03-25CVE-2025-27837: An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | < 10.05.0 | 10.05.0 |
| artifex | ghostscript | >= 0 < 10.05.0 | 10.05.0 |
| artifex | ghostscript | >= 0 < 10.05.0-r0 | 10.05.0-r0 |
| artifex | ghostscript | >= 0 < 10.05.0-r0 | 10.05.0-r0 |
| artifex | ghostscript | >= 0 < 10.05.0-r0 | 10.05.0-r0 |
| artifex | ghostscript | >= 0 < 10.05.0-r0 | 10.05.0-r0 |
| artifex | ghostscript | >= 0 < 10.05.0-r0 | 10.05.0-r0 |
| debian | ghostscript | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL