CVE-2025-59798

Publication date: 2025-09-22

Last updated on: 2025-11-03

Assigner: MITRE

Description
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
Meta Information
Published: 2025-09-22
Last Modified: 2025-11-03
Generated: 2026-06-16
AI Q&A: 2025-09-22
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE
Vendor: artifex
Product: ghostscript
Version / Range: to 10.05.1 (inc)
CWE ID: CWE-121
Description: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Executive Summary

CVE-2025-59798 is a stack-based buffer overflow vulnerability in the Ghostscript software, specifically in the function pdf_write_cmap. The issue occurs because the function copies a CMap name into a fixed-size buffer without checking if the name fits, leading to a buffer overflow. This can cause memory corruption on the stack. The vulnerability was fixed by replacing the fixed buffer with dynamic memory allocation to safely handle variable-length CMap names. [1]
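
The copy pattern described above and the dynamic-allocation form of the fix, as an added example; this is not Ghostscript's code, and the function names, the 100-byte buffer size and the sample names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF_SIZE 100 /* assumed size; the page does not give the real one */

/* "Before" shape: fixed stack buffer, caller-supplied length never checked.
 * Any len >= NAME_BUF_SIZE writes past buf; an AddressSanitizer build
 * reports this memcpy as a stack-buffer-overflow. */
static size_t name_len_unchecked(const unsigned char *name, size_t len)
{
    char buf[NAME_BUF_SIZE];
    memcpy(buf, name, len);
    buf[len] = '\0';
    return strlen(buf);
}

/* "After" shape: allocate from the name's own length.
 * Returns NULL if len + 1 would wrap or allocation fails; caller frees. */
static char *copy_name_dynamic(const unsigned char *name, size_t len)
{
    char *buf;
    if (len == SIZE_MAX)
        return NULL;
    buf = malloc(len + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, name, len);
    buf[len] = '\0';
    return buf;
}

int main(void)
{
    unsigned char long_name[300]; /* constructed input, longer than NAME_BUF_SIZE */
    char *copy;

    memset(long_name, 'A', sizeof long_name);
    /* Only a short name is safe to pass to the unchecked variant. */
    printf("unchecked, 5 bytes: %zu\n",
           name_len_unchecked((const unsigned char *)"Adobe", 5));
    copy = copy_name_dynamic(long_name, sizeof long_name);
    if (copy == NULL)
        return 1;
    printf("dynamic, 300 bytes: %zu\n", strlen(copy));
    free(copy);
    return 0;
}
```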

Impact Analysis

This vulnerability can lead to memory corruption when processing specially crafted PDF files, potentially causing the Ghostscript process to crash or behave unpredictably. Although the CVSS score indicates low to medium severity with no direct confidentiality or availability impact, it can lead to integrity issues by allowing an attacker to manipulate the processing of PDF text and CMap resources. [1]

Detection Guidance

This vulnerability can be detected by running Ghostscript with AddressSanitizer enabled, which reports a stack-buffer-overflow error at the memcpy call in the pdf_write_cmap function. Testing with a proof-of-concept PDF file (such as poc.pdf) that triggers the overflow can also help identify the issue. In practice this means compiling Ghostscript with AddressSanitizer and then processing the malicious PDF file to observe the error. [1]

Mitigation Strategies

Immediate mitigation steps include updating Ghostscript to a version that contains the fix committed on May 22, 2025, which replaces the static buffer with dynamic memory allocation to safely handle CMap names. If updating is not immediately possible, avoid processing untrusted PDF files that may contain malicious CMap names to prevent triggering the overflow. [1]
