PT-2025-11340 · Unknown+7 · Ghostscript+7

Published: 2024-11-12 · Updated: 2026-05-13

CVE-2025-27835

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Artifex Ghostscript versions prior to 10.05.0
Ghostscript (affected versions not specified)

Description

A buffer overflow exists in Ghostscript when converting glyphs to Unicode in the psi/zbfont.c file. Processing specially crafted document files can lead to denial of service or arbitrary code execution. The issue affects versions prior to 10.05.0. Reports indicate that this vulnerability has been publicly known for approximately 8 months and may be exploitable through opening malicious LibreOffice documents or via servers utilizing ImageMagick for file conversion.

Recommendations

Upgrade to Ghostscript version 10.05.0 or later.
Upgrade to Ghostscript version 10.0.0~dfsg-11+deb12u7 for Debian bookworm distribution.
Upgrade to Ghostscript version 10.05.1-alt1.

Fix · DoS · RCE · Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2025-8484
ALT-PU-2025-9591
BDU:2025-03706
CVE-2025-27835
DLA-4118-1
DSA-5888-1
MGASA-2025-0098
OESA-2025-1358
OESA-2025-1359
OESA-2025-1360
OESA-2025-1361
OESA-2025-1362
OPENSUSE-SU-2025:14953-1
OPENSUSE-SU-2025_1127-1
SUSE-SU-2025:1118-1
SUSE-SU-2025:1127-1
USN-7378-1
USN-7623-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu
Ghostscript