CVE-2025-59800
published 2025-09-22CVE-2025-59800: In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | <= 10.05.1 | — |
| artifex | ghostscript | >= 0 < 10.06.0~dfsg-1 | 10.06.0~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.55.0~dfsg1-0ubuntu5.13 | 9.55.0~dfsg1-0ubuntu5.13 |
| artifex | ghostscript | >= 0 < 10.02.1~dfsg1-0ubuntu7.8 | 10.02.1~dfsg1-0ubuntu7.8 |
| debian | ghostscript | < ghostscript 10.06.0~dfsg-1 (forky) | ghostscript 10.06.0~dfsg-1 (forky) |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM