CVE-2025-27833 – A buffer overflow vulnerability in Artifex Ghos... (How to Fix)

Q: What is the severity of CVE-2025-27833?

CVE-2025-27833 has a CVSS score of 7.8 (HIGH). A buffer overflow vulnerability in Artifex Ghostscript allows attackers to execute arbitrary code by providing a specially crafted long TTF font name. This affects systems processing PDF files with Ghostscript, including document conversion services and print servers. The vulnerability requires processing malicious PDF files to trigger exploitation.

📋 TL;DR

A buffer overflow vulnerability in Artifex Ghostscript allows attackers to execute arbitrary code by providing a specially crafted long TTF font name. This affects systems processing PDF files with Ghostscript, including document conversion services and print servers. The vulnerability requires processing malicious PDF files to trigger exploitation.

💻 Affected Systems

Products:

Artifex Ghostscript

Versions: All versions before 10.05.0

Operating Systems: All platforms running Ghostscript (Linux, Windows, macOS, etc.)

Default Config Vulnerable: ⚠️ Yes

Notes: Any system using Ghostscript for PDF processing, document conversion, or printing is vulnerable. This includes web applications, document management systems, and print servers that process PDF files.

📦 What is this software?

Ghostscript by Artifex

View all CVEs affecting Ghostscript →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the Ghostscript process, potentially leading to full system compromise, data exfiltration, or lateral movement within the network.

🟠

Likely Case

Denial of service through application crashes, with potential for limited code execution depending on exploit sophistication and system protections.

🟢

If Mitigated

Application crash without code execution if modern exploit mitigations like ASLR and DEP are properly configured and enforced.

🌐 Internet-Facing: MEDIUM - Exploitation requires processing malicious PDF files, which could be uploaded to web services or emailed to users, but requires specific interaction.

🏢 Internal Only: MEDIUM - Internal users could exploit by submitting malicious PDFs to document processing systems, print servers, or conversion services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires crafting a malicious PDF with a specially designed long TTF font name. The attacker needs to get the victim to process the PDF through Ghostscript.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.05.0 and later

Vendor Advisory: https://bugs.ghostscript.com/show_bug.cgi?id=708259

Restart Required: No

Instructions:

1. Download Ghostscript 10.05.0 or later from the official website. 2. Stop any services using Ghostscript. 3. Install the updated version. 4. Restart services that use Ghostscript.

🔧 Temporary Workarounds

Disable TTF font processing

all

Configure Ghostscript to disable TrueType font processing if not required

Add '-dNO_TTF' to Ghostscript command line arguments

Sandbox Ghostscript processes

all

Run Ghostscript in a restricted environment with minimal privileges

Use containerization (Docker with limited capabilities) or SELinux/AppArmor policies

🧯 If You Can't Patch

Implement strict input validation for PDF files before processing with Ghostscript
Isolate Ghostscript processes in network segments with limited access to critical systems

🔍 How to Verify

Check if Vulnerable:

Run 'gs --version' and check if version is below 10.05.0

Check Version:

gs --version

Verify Fix Applied:

Confirm Ghostscript version is 10.05.0 or higher using 'gs --version'

📡 Detection & Monitoring

Log Indicators:

Ghostscript crash logs
Segmentation fault errors in system logs
Abnormal process termination of gs processes

Network Indicators:

Unusual PDF file uploads to document processing services
Multiple failed PDF processing attempts

SIEM Query:

process_name:gs AND (event_type:crash OR exit_code:139 OR exit_code:-1073741819)

📊 Metadata

CVE ID: CVE-2025-27833

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-120

EPSS Score: 0.03% exploit probability (9th percentile)

Published: March 25, 2025

Last Updated: April 1, 2025

🔗 References

https://bugs.ghostscript.com/show_bug.cgi?id=708259 Issue Tracking,Patch

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-27833, you might also want to check these: