Login Sign Up

CVE-2025-59800

4.3 MEDIUM
Buffer Overflow

📋 TL;DR

This CVE describes an integer overflow vulnerability in Artifex Ghostscript's PDF OCR device that leads to heap-based buffer overflow when processing certain PDF files. Attackers could potentially execute arbitrary code or cause denial of service by crafting malicious PDF documents. Systems using Ghostscript for PDF processing, conversion, or OCR functionality are affected.

💻 Affected Systems

Products:
  • Artifex Ghostscript
Versions: All versions through 10.05.1
Operating Systems: All platforms running Ghostscript
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing PDF files with OCR functionality enabled

📦 What is this software?

Ghostscript by Artifex

View all CVEs affecting Ghostscript →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise if exploited successfully with crafted PDF input

🟠

Likely Case

Application crash or denial of service when processing malformed PDF files

🟢

If Mitigated

Limited impact with proper sandboxing and input validation in place

🌐 Internet-Facing: MEDIUM - Exploitation requires PDF processing capabilities exposed to untrusted input
🏢 Internal Only: LOW - Requires local access or internal PDF processing workflows

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting specific PDF files that trigger the OCR functionality with malicious parameters

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.05.2 and later

Vendor Advisory: https://bugs.ghostscript.com/show_bug.cgi?id=708602

Restart Required: No

Instructions:

1. Download latest Ghostscript from official repository 2. Compile and install updated version 3. Replace existing Ghostscript binaries 4. Verify installation with version check

🔧 Temporary Workarounds

Disable PDF OCR device

all

Remove or disable the vulnerable OCR device from Ghostscript configuration

gs -sDEVICE=pdfwrite -o output.pdf input.pdf (avoid using pdfocr device)

Input validation and sanitization

all

Implement strict PDF file validation before processing with Ghostscript

🧯 If You Can't Patch

  • Implement strict access controls to limit PDF processing to trusted sources only
  • Deploy Ghostscript in sandboxed/containerized environments with minimal privileges

🔍 How to Verify

Check if Vulnerable:

Check Ghostscript version: gs --version and compare to affected range (≤10.05.1)

Check Version:

gs --version

Verify Fix Applied:

Confirm version is 10.05.2 or later: gs --version | grep -q '10.05.[2-9]\|10.0[6-9]\|[1-9][0-9]'

📡 Detection & Monitoring

Log Indicators:

  • Ghostscript crash logs
  • Segmentation fault errors in system logs
  • Abnormal PDF processing failures

Network Indicators:

  • Unusual PDF file uploads to processing services
  • Multiple failed PDF processing attempts

SIEM Query:

source="*ghostscript*" AND ("segmentation fault" OR "buffer overflow" OR "ocr_begin_page")

📊 Metadata

CVE ID: CVE-2025-59800
CVSS v3 Score: 4.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CWE: CWE-190
EPSS Score: 0.02% exploit probability (4.8th percentile)
Published: September 22, 2025
Last Updated: September 25, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-59800, you might also want to check these:

CVE-2025-64721 10.0

This vulnerability in Sandboxie allows sandboxed processes to exploit an integer overflow in the Sbi...

Same vulnerability type (CWE-190)
CVE-2025-52581 9.8

An integer overflow vulnerability in libbiosig's GDF file parsing allows arbitrary code execution wh...

Same vulnerability type (CWE-190)
CVE-2025-53518 9.8

An integer overflow vulnerability in libbiosig's ABF file parser allows arbitrary code execution whe...

Same vulnerability type (CWE-190)