CVE-2025-27830

7.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in Artifex Ghostscript allows attackers to execute arbitrary code or cause denial of service by processing maliciously crafted font files. This affects systems using Ghostscript for PDF/PostScript processing, including document viewers, printers, and web applications that convert documents. The vulnerability is triggered during DollarBlend serialization in specific font handling functions.

💻 Affected Systems

Products:
  • Artifex Ghostscript
Versions: All versions before 10.05.0
Operating Systems: Linux, Windows, macOS, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with Ghostscript installed and processing untrusted PostScript/PDF files is vulnerable. Common in document management systems, printers, and web apps.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the Ghostscript process, potentially leading to full system compromise.

🟠 Likely Case

Denial of service through application crashes when processing malicious documents.

🟢 If Mitigated

Limited impact if Ghostscript runs in sandboxed environments with minimal privileges.

🌐 Internet-Facing: HIGH - Web applications using Ghostscript for document conversion can be exploited remotely via uploaded files.
🏢 Internal Only: MEDIUM - Internal systems processing untrusted documents remain vulnerable but have reduced attack surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a malicious font file and getting it processed by Ghostscript. No public exploits are known as of the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.05.0

Vendor Advisory: https://bugs.ghostscript.com/show_bug.cgi?id=708241

Restart Required: No

Instructions:

1. Download Ghostscript 10.05.0 or later from https://www.ghostscript.com/.
2. Compile and install following the vendor's instructions.
3. For package managers: use 'apt-get update && apt-get upgrade ghostscript' on Debian/Ubuntu or the equivalent on other distributions.

🔧 Temporary Workarounds

Disable vulnerable font processing

all

Configure Ghostscript to disable DollarBlend font processing via command-line flags or configuration files.

gs -dNO_DOLLAR_BLEND -sDEVICE=... input.ps

🧯 If You Can't Patch

  • Restrict Ghostscript to process only trusted documents from verified sources.
  • Run Ghostscript in a sandboxed environment with minimal privileges and network access.

🔍 How to Verify

Check if Vulnerable:

Check Ghostscript version with 'gs --version'. If version is below 10.05.0, the system is vulnerable.

Check Version:

gs --version

Verify Fix Applied:

After patching, run 'gs --version' to confirm version is 10.05.0 or higher.
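
The version check above as a script, added here as an example (it is not from the vendor advisory): it compares the upstream version string component by component, which handles the zero-padded minor number in 10.05.0. The function names are illustrative, and a distribution package that backports the fix without changing the upstream version string will still be reported as vulnerable.

```shell
#!/bin/sh
# Added example: classify a Ghostscript version string against the fixed
# release named on this page (10.05.0). Function names are illustrative.

FIXED_VERSION="10.05.0"

# Normalise a component such as "05" or "09" to plain decimal
# (a leading zero means octal in shell arithmetic).
_num() {
    n=$(printf '%s\n' "$1" | sed 's/^0*//')
    printf '%s' "${n:-0}"
}

# version_lt A B: exit status 0 when A is strictly older than B.
# Missing trailing components count as 0, so "9.27" compares as "9.27.0".
version_lt() {
    a_rest=$1 b_rest=$2
    while [ -n "$a_rest" ] || [ -n "$b_rest" ]; do
        a_part=${a_rest%%.*}; b_part=${b_rest%%.*}
        case $a_rest in *.*) a_rest=${a_rest#*.} ;; *) a_rest= ;; esac
        case $b_rest in *.*) b_rest=${b_rest#*.} ;; *) b_rest= ;; esac
        a_n=$(_num "$a_part"); b_n=$(_num "$b_part")
        [ "$a_n" -lt "$b_n" ] && return 0
        [ "$a_n" -gt "$b_n" ] && return 1
    done
    return 1   # equal versions are not "older"
}

# classify_version V: prints vulnerable, patched, or unknown.
# Anything that is not purely dotted digits (for example a distro suffix)
# is reported as unknown rather than guessed at.
classify_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Report on the locally installed binary, if there is one.
if command -v gs >/dev/null 2>&1; then
    installed=$(gs --version 2>/dev/null || true)
    echo "gs ${installed}: $(classify_version "$installed")"
fi
```
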

📡 Detection & Monitoring

Log Indicators:

  • Ghostscript crash logs with segmentation faults
  • Error messages mentioning write_t1.c or zfapi.c

Network Indicators:

  • Unusual document uploads to web applications using Ghostscript

SIEM Query:

source="ghostscript.log" AND ("segmentation fault" OR "buffer overflow")
