CVE-2025-59800

MEDIUM

Artifex Ghostscript < 10.05.1 - Heap-Based Buffer Overflow via Integer Overflow in ocr_begin_page

Title source: llm

Description

In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.

References (2)

Core 2

Core References

Issue Tracking

https://bugs.ghostscript.com/show_bug.cgi?id=708602

Patch

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=176cf0188a2294bc307b8caec876f39412e58350

Scores

CVSS v3 4.3

EPSS 0.0016

EPSS Percentile 5.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (1)

artifex/ghostscript < 10.05.1

Published Sep 22, 2025

Tracked Since Feb 18, 2026