CNNVD-202509-3617 Information
CNNVD ID
CNNVD-202509-3617
Related CVE
- CNNVD Published: 2025-09-22
Description (Chinese)
Artifex Ghostscript是美国Artifex公司的一套建基于 Adobe、PostScript 及可移植文档格式的页面描述语言等而编译成的自由软件。 Artifex Ghostscript 10.05.1及之前版本存在输入验证错误漏洞,该漏洞源于devices/gdevpdfocr.c中的ocr_begin_page存在整数溢出,可能导致堆缓冲区溢出。
Description (English)
Artifex Ghostscript is a set of free software compiled by the United States company Artifex, based on Adobe, PostScript and the language of page descriptions in portable document formats. Artifex Ghostscript 10.05.1 and previous versions have input verification error holes, which stem from the integer spill of ocr begin page in Devices/gdevpdfocr.c, which may result in spills over the buffer zone.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
Artifex
Published
2025-09-22
Last Modified
2026-02-24
References
https://bugs.ghostscript.com/show_bug.cgi?id=708602 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=176cf0188a2294bc307b8caec876f39412e58350 https://access.redhat.com/security/cve/cve-2025-59800
Patch
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
Share on: