CVE-2025-27836 – A buffer overflow vulnerability in the BJ10V de... (How to Fix)

Q: What is the severity of CVE-2025-27836?

CVE-2025-27836 has a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability in the BJ10V device driver in Ghostscript allows attackers to execute arbitrary code or cause denial of service. This affects systems using Ghostscript for processing PostScript or PDF files, particularly in document conversion services or printing workflows. The vulnerability is exploitable by processing malicious files.

📋 TL;DR

A buffer overflow vulnerability in the BJ10V device driver in Ghostscript allows attackers to execute arbitrary code or cause denial of service. This affects systems using Ghostscript for processing PostScript or PDF files, particularly in document conversion services or printing workflows. The vulnerability is exploitable by processing malicious files.

💻 Affected Systems

Products:

Artifex Ghostscript

Versions: All versions before 10.05.0

Operating Systems: Linux, Windows, macOS, Unix-like systems

Default Config Vulnerable: ⚠️ Yes

Notes: Systems using Ghostscript for PDF/PostScript processing, including web applications, document management systems, and printing services.

📦 What is this software?

Ghostscript by Artifex

View all CVEs affecting Ghostscript →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with SYSTEM/root privileges leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Denial of service through application crashes, with potential for limited code execution in document processing contexts.

🟢

If Mitigated

Contained impact within sandboxed environments or with proper input validation, resulting in application crashes without system compromise.

🌐 Internet-Facing: HIGH - Ghostscript is commonly used in web applications for document processing, making internet-facing systems vulnerable to file upload attacks.

🏢 Internal Only: MEDIUM - Internal systems using Ghostscript for document conversion or printing could be exploited via malicious documents.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires processing a malicious PostScript or PDF file. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.05.0

Vendor Advisory: https://bugs.ghostscript.com/show_bug.cgi?id=708192

Restart Required: Yes

Instructions:

1. Download Ghostscript 10.05.0 or later from https://www.ghostscript.com. 2. Stop all Ghostscript services. 3. Install the updated version. 4. Restart services and verify functionality.

🔧 Temporary Workarounds

Disable BJ10V device

linux

Remove or disable the vulnerable BJ10V device driver to prevent exploitation.

mv /usr/share/ghostscript/10.04.0/lib/contrib/japanese/gdev10v.c /usr/share/ghostscript/10.04.0/lib/contrib/japanese/gdev10v.c.bak

Sandbox Ghostscript

linux

Run Ghostscript in a restricted environment with minimal privileges.

firejail --net=none --private ghostscript input.ps

🧯 If You Can't Patch

Implement strict input validation and file type checking for all Ghostscript inputs.
Isolate Ghostscript processes using containerization or virtualization with no network access.

🔍 How to Verify

Check if Vulnerable:

Check Ghostscript version with 'gs --version'. If version is below 10.05.0, the system is vulnerable.

Check Version:

gs --version

Verify Fix Applied:

After patching, run 'gs --version' to confirm version is 10.05.0 or higher.

📡 Detection & Monitoring

Log Indicators:

Ghostscript segmentation fault errors
Unexpected process termination of gs processes
Large or malformed PostScript/PDF file processing

Network Indicators:

Unusual outbound connections from Ghostscript processes
File uploads to document processing endpoints followed by process crashes

SIEM Query:

process_name:gs AND (event_id:1000 OR signal:SIGSEGV)

📊 Metadata

CVE ID: CVE-2025-27836

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

EPSS Score: 0.21% exploit probability (43.2th percentile)

Published: March 25, 2025

Last Updated: November 3, 2025

🔗 References

https://bugs.ghostscript.com/show_bug.cgi?id=708192 Issue Tracking,Patch
https://lists.debian.org/debian-lts-announce/2025/04/msg00014.html

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-27836, you might also want to check these: