CVE-2025-46646
published 2025-04-26CVE-2025-46646: In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix…
medium4.5CVSS 3.1
AVLACHPRNUINSCCLILAN
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | < 10.05.0 | 10.05.0 |
| artifex | ghostscript | >= 0 < 10.05.0~dfsg-1 | 10.05.0~dfsg-1 |
| artifex | ghostscript | >= 0 < 10.05.0~dfsg-1 | 10.05.0~dfsg-1 |
| debian | ghostscript | < ghostscript 10.05.0~dfsg-1 (forky) | ghostscript 10.05.0~dfsg-1 (forky) |
CVSS provenance
nvdv3.14.5MEDIUMCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
osv7.8HIGH