rpm package
opensuse/ghostscript&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Leap%2016.0
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59801 | Med | 4.3 | < 10.06.0-160000.1.1 | 10.06.0-160000.1.1 | Sep 22, 2025 | In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked. | |
| CVE-2025-59800 | — | < 10.06.0-160000.1.1 | 10.06.0-160000.1.1 | Sep 22, 2025 | In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8. | ||
| CVE-2025-59799 | — | < 10.06.0-160000.1.1 | 10.06.0-160000.1.1 | Sep 22, 2025 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. | ||
| CVE-2025-59798 | — | < 10.06.0-160000.1.1 | 10.06.0-160000.1.1 | Sep 22, 2025 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. | ||
| CVE-2025-48708 | — | < 10.06.0-160000.1.1 | 10.06.0-160000.1.1 | May 23, 2025 | gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. | ||
| CVE-2025-46646 | — | < 10.06.0-160000.1.1 | 10.06.0-160000.1.1 | Apr 26, 2025 | In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954. |
- affected < 10.06.0-160000.1.1fixed 10.06.0-160000.1.1
In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked.
- CVE-2025-59800Sep 22, 2025affected < 10.06.0-160000.1.1fixed 10.06.0-160000.1.1
In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
- CVE-2025-59799Sep 22, 2025affected < 10.06.0-160000.1.1fixed 10.06.0-160000.1.1
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
- CVE-2025-59798Sep 22, 2025affected < 10.06.0-160000.1.1fixed 10.06.0-160000.1.1
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
- CVE-2025-48708May 23, 2025affected < 10.06.0-160000.1.1fixed 10.06.0-160000.1.1
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
- CVE-2025-46646Apr 26, 2025affected < 10.06.0-160000.1.1fixed 10.06.0-160000.1.1
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.