CVE-2025-59799
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-11-03
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| artifex | ghostscript | to 10.05.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the Ghostscript software, specifically in the function pdfmark_coerce_dest in the file devices/vector/gdevpdfm.c. It occurs because the destination buffer on the stack does not have proper bounds checking before data is copied into it using memcpy. An attacker can exploit this by providing input data larger than the buffer size, causing the overflow. This happens when processing crafted PDF files containing malicious pdfmark code, potentially leading to arbitrary code execution or denial of service. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to a stack-based buffer overflow which may allow an attacker to execute arbitrary code or cause a denial of service in the Ghostscript software. This could compromise the security and stability of systems using vulnerable versions of Ghostscript when processing malicious PDF files. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing Ghostscript's handling of PDF files containing malicious pdfmark code that triggers the stack-based buffer overflow in the pdfmark_coerce_dest function. A proof-of-concept (PoC) file exists that demonstrates the overflow. Running Ghostscript with AddressSanitizer enabled on such a PoC file will reveal a stack-buffer-overflow error during the memcpy call. A suggested command to detect the issue is to run Ghostscript with AddressSanitizer on the PoC PDF file, for example: `ASAN_OPTIONS=detect_stack_use_after_return=1 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite malicious.pdf` where `malicious.pdf` is the PoC file triggering the overflow. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating Ghostscript to a version that contains the fix committed on May 8, 2025, which adds proper bounds checking on the input size before memcpy in pdfmark_coerce_dest. Until an updated version is applied, avoid processing untrusted or suspicious PDF files containing pdfmark code with vulnerable Ghostscript versions. Additionally, consider restricting or monitoring the use of Ghostscript in your environment to prevent exploitation via crafted PDF files. [1]