CNNVD-202509-3616 Information
CNNVD ID
CNNVD-202509-3616
Related CVE
- CNNVD Published: 2025-09-22
Description (Chinese)
Artifex Ghostscript是美国Artifex公司的一套建基于 Adobe、PostScript 及可移植文档格式的页面描述语言等而编译成的自由软件。 Artifex Ghostscript 10.05.1及之前版本存在安全漏洞,该漏洞源于pdf_write_cmap函数存在栈缓冲区溢出。
Description (English)
Artifex Ghostscript is a set of free software compiled by the United States company Artifex, based on Adobe, PostScript and the language of page descriptions in portable document formats. There is a security loophole in Artifex Ghostscript 10.05.1 and earlier versions, which stems from the spilling out of the cage buffer from the pdf write cmap function.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Artifex
Published
2025-09-22
Last Modified
2026-02-24
References
https://bugs.ghostscript.com/show_bug.cgi?id=708539 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=0cae41b23a9669e801211dd4cf97b6dadd6dbdd7 https://access.redhat.com/security/cve/cve-2025-59798
Patch
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
Share on: