CVE-2025-59801
Published 2025-09-22

CVE-2025-59801: In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked.
Severity: Medium, 4.3 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | >= 0 < 10.06.0~dfsg-1 | 10.06.0~dfsg-1 |
| artifex | ghostxps | < 10.06.0 | 10.06.0 |
| debian | ghostscript | < ghostscript 10.06.0~dfsg-1 (forky) | ghostscript 10.06.0~dfsg-1 (forky) |
CVSS provenance
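| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
| osv | | 4.3 | MEDIUM | |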