CVE-2025-27830
Published: 25 March 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-27830 is a buffer overflow vulnerability (CWE-120) discovered in Artifex Ghostscript versions prior to 10.05.0. The flaw occurs during the serialization of DollarBlend in a font, specifically impacting the base/write_t1.c and psi/zfapi.c components.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A local attacker requires no privileges but must rely on user interaction, such as processing a maliciously crafted PostScript or PDF file with Ghostscript. Successful exploitation could grant high-impact unauthorized access, modification, or disruption of system resources.
Advisories and patches are detailed in the Ghostscript bug tracker at https://bugs.ghostscript.com/show_bug.cgi?id=708241 and the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/04/msg00014.html, which address the issue in affected distributions. Mitigation involves upgrading to Ghostscript 10.05.0 or later.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in Ghostscript (client-side PDF/PostScript processor) enables code execution via malicious file opened by user, directly mapping to client exploitation and malicious file delivery.