CVE-2025-59800
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2025-09-25

Assigner: MITRE

Description
In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2025-09-25
Generated
2026-06-16
AI Q&A
2025-09-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59800
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
artifex ghostscript to 10.05.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-59800 is a heap buffer overflow vulnerability in Artifex Ghostscript's OCR processing. It occurs because the function ocr_begin_page performs an integer overflow when calculating the size of memory to allocate for image raster data. This overflow causes the program to allocate a smaller buffer than needed. Later, the function ocr_line8 writes data beyond this allocated buffer, leading to a heap-based buffer overflow. The issue arises from missing checks on the multiplication of raster width and height, allowing the size calculation to wrap around and cause unsafe memory allocation. [1]

Impact Analysis

This vulnerability can lead to a heap-based buffer overflow, which may cause the Ghostscript process to crash or behave unpredictably. In some cases, such buffer overflows can be exploited by attackers to execute arbitrary code or escalate privileges, potentially compromising the system running Ghostscript. The impact depends on how Ghostscript is used and whether untrusted PDF files are processed with the vulnerable OCR functionality. [1]

Detection Guidance

This vulnerability can be detected by processing specially crafted PDF files that trigger the heap buffer overflow in Ghostscript's OCR processing, specifically using the `pdfocr8` device. Running Ghostscript with AddressSanitizer (ASan) enabled can help detect heap-buffer-overflow errors. For example, you can use a proof-of-concept PDF file that triggers the overflow and run a command like `gs -dDEVICE=pdfocr8 -sOutputFile=output.pdf poc.pdf` under ASan to observe any memory errors. [1]

Mitigation Strategies

The immediate mitigation is to update Ghostscript to a version that includes the patch committed on 2025-07-01 which adds an integer overflow check before memory allocation in `ocr_begin_page`. This prevents the unsafe allocation and subsequent heap buffer overflow. Until an update is applied, avoid processing untrusted PDF files with the `pdfocr8` device or disable OCR processing features in Ghostscript. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59800. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart