cbcvebase.
CVE-2025-48708
published 2025-05-23

CVE-2025-48708: gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document…

low3.3CVSS 3.1
AVLACLPRLUINSUCLINAN
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

Affected

9 ranges
VendorProductVersion rangeFixed in
artifexghostscript< 10.05.110.05.1
artifexghostscript>= 0 < 10.05.1~dfsg-110.05.1~dfsg-1
artifexghostscript>= 0 < 10.05.1~dfsg-110.05.1~dfsg-1
artifexghostscript>= 0 < 9.55.0~dfsg1-0ubuntu5.129.55.0~dfsg1-0ubuntu5.12
artifexghostscript>= 0 < 10.02.1~dfsg1-0ubuntu7.710.02.1~dfsg1-0ubuntu7.7
artifexghostscript>= 0 < 9.26~dfsg+0-0ubuntu0.16.04.14+esm99.26~dfsg+0-0ubuntu0.16.04.14+esm9
artifexghostscript>= 0 < 9.26~dfsg+0-0ubuntu0.18.04.18+esm49.26~dfsg+0-0ubuntu0.18.04.18+esm4
artifexghostscript>= 0 < 9.50~dfsg-5ubuntu4.15+esm19.50~dfsg-5ubuntu4.15+esm1
debianghostscript< ghostscript 10.05.1~dfsg-1 (forky)ghostscript 10.05.1~dfsg-1 (forky)

CVSS provenance

nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
osv4.3MEDIUM