CVE-2025-59800

CWE-190 — Integer Overflow8 documents7 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 95.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript

Timeline

PublishedSep 22

Latest updateSep 29

Description

In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5artifex/ghostscript10.05.1

▶NVDartifex/ghostscript10.05.1

▶Debianghostscript< 10.06.0~dfsg-1

Patches

Patch: cgit.ghostscript.com ↗

🔴Vulnerability Details

OSV

ghostscript vulnerabilities↗2025-09-29

▶

CVEList

CVE-2025-59800: In Artifex Ghostscript through 10↗2025-09-22

▶

OSV

CVE-2025-59800: In Artifex Ghostscript through 10↗2025-09-22

▶

GHSA

GHSA-2mxc-fm8x-qgcp: In Artifex Ghostscript through 10↗2025-09-22

▶

📋Vendor Advisories

Ubuntu

Ghostscript vulnerabilities↗2025-09-29

▶

Red Hat

Artifex Ghostscript: Artifex Ghostscript: Denial of Service via crafted document processing↗2025-09-22

▶

Debian

CVE-2025-59800: ghostscript - In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c h...↗2025

▶