CNNVD-202509-3629 Information
CNNVD ID
CNNVD-202509-3629
Related CVE
- CNNVD Published: 2025-09-22
Description (Chinese)
Artifex Ghostscript是美国Artifex公司的一套建基于 Adobe、PostScript 及可移植文档格式的页面描述语言等而编译成的自由软件。 Artifex Ghostscript 10.05.1及之前版本存在安全漏洞,该漏洞源于pdfmark_coerce_dest函数中存在基于栈的缓冲区溢出,可能导致执行任意代码。
Description (English)
Artifex Ghostscript is a set of free software compiled by the United States company Artifex, based on Adobe, PostScript and the language of page descriptions in portable document formats. There is a security loophole in Artifex Ghostscript 10.05.1 and earlier versions, which stems from the proliferation of a cage-based buffer zone in the pdfmark coerce dest function, which may result in the implementation of any code.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Artifex
Published
2025-09-22
Last Modified
2026-02-24
References
https://bugs.ghostscript.com/show_bug.cgi?id=708517 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=6dab38fb211f15226c242ab7a83fa53e4b0ff781 https://access.redhat.com/security/cve/cve-2025-59799
Patch
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
Share on: