CVE-2025-27835

7.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in Artifex Ghostscript's glyph-to-Unicode conversion function allows attackers to execute arbitrary code or cause denial of service. This affects systems processing untrusted PostScript, PDF, or EPS files through Ghostscript. Users of applications that embed Ghostscript for document rendering are at risk.

💻 Affected Systems

Products:
  • Artifex Ghostscript
  • Applications embedding Ghostscript (e.g., ImageMagick, GIMP, document viewers)
Versions: All versions before 10.05.0
Operating Systems: All platforms where Ghostscript runs (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing PostScript, PDF, or EPS files with specially crafted glyph data.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the Ghostscript process, potentially leading to full system compromise.

🟠 Likely Case

Application crash or denial of service when processing malicious documents, with potential for limited code execution.

🟢 If Mitigated

Impact is limited to denial of service when exploit attempts are blocked or sandboxed.

🌐 Internet-Facing: HIGH if Ghostscript processes user-uploaded documents (e.g., in web apps, document converters).
🏢 Internal Only: MEDIUM for internal document processing systems handling untrusted files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires processing a malicious document; no authentication needed for the file processing itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.05.0 and later

Vendor Advisory: https://bugs.ghostscript.com/show_bug.cgi?id=708131

Restart Required: No

Instructions:

1. Download Ghostscript 10.05.0+ from artifex.com.
2. Compile and install per platform instructions.
3. For embedded use, update the library in dependent applications.

🔧 Temporary Workarounds

Disable Ghostscript processing (platform: all)

Temporarily disable Ghostscript in applications (e.g., ImageMagick policy) to block document processing.

For ImageMagick: edit policy.xml to remove PS/PDF/EPS delegates

Sandbox Ghostscript (platform: Linux)

Run Ghostscript in a restricted environment (e.g., container, chroot) to limit impact.

Use Docker: docker run --read-only -v /tmp:/tmp ghostscript

🧯 If You Can't Patch

  • Restrict file uploads to trusted sources and scan documents with antivirus.
  • Monitor for crashes in Ghostscript processes and block offending IPs/files.

🔍 How to Verify

Check if Vulnerable:

Run: gs --version and check if version is below 10.05.0.

Check Version:

gs --version

Verify Fix Applied:

Confirm gs --version reports 10.05.0 or higher.
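
The version check above can be scripted; the following is an added example, not part of the original advisory or of Ghostscript. The function names ver_cmp and gs_status are introduced here, and any string that is not purely dotted-numeric is reported as UNKNOWN by assumption.

```shell
#!/bin/sh
# Added example: classify a Ghostscript version against the fixed release.
FIXED="10.05.0"   # patch version stated in this advisory

# ver_cmp A B: print -1, 0 or 1 as A is lower than, equal to or higher than B.
# Fields are compared as decimal numbers, so "05" equals "5", "9" sorts below
# "10", and a leading-zero field such as "08" is never read as octal.
ver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = x[i] + 0; q = y[i] + 0      # missing field counts as 0
            if (p < q) { print -1; exit }
            if (p > q) { print 1; exit }
        }
        print 0
    }'
}

# gs_status VERSION: print VULNERABLE, PATCHED or UNKNOWN.
gs_status() {
    case "$1" in
        ''|*[!0-9.]*|.*|*..*|*.) echo UNKNOWN; return 0 ;;
    esac
    if [ "$(ver_cmp "$1" "$FIXED")" = "-1" ]; then
        echo VULNERABLE
    else
        echo PATCHED
    fi
}

# Report on the local binary when one is on PATH.
if command -v gs >/dev/null 2>&1; then
    v=$(gs --version 2>/dev/null) || v=""
    echo "gs ${v:-?}: $(gs_status "$v")"
fi
```

This covers only the gs binary found on PATH; applications that embed their own copy of the Ghostscript library have to be checked separately.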

📡 Detection & Monitoring

Log Indicators:

  • Ghostscript crash logs (segmentation faults)
  • Application errors mentioning psi/zbfont.c

Network Indicators:

  • Unusual document uploads to web services using Ghostscript

SIEM Query:

source="*ghostscript*" AND ("segmentation fault" OR "buffer overflow")
