CVE-2025-59800
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-09-25
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| artifex | ghostscript | to 10.05.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-59800 is a heap buffer overflow vulnerability in Artifex Ghostscript's OCR processing. It occurs because the function `ocr_begin_page` is subject to an integer overflow when calculating the size of the memory to allocate for image raster data. The overflowed result causes the program to allocate a smaller buffer than needed. Later, the function `ocr_line8` writes data beyond this allocated buffer, leading to a heap-based buffer overflow. The root cause is a missing check on the multiplication of raster width and height, which allows the size calculation to wrap around and produce an undersized allocation. [1]
How can this vulnerability impact me?
This vulnerability can lead to a heap-based buffer overflow, which may cause the Ghostscript process to crash or behave unpredictably. In some cases, such buffer overflows can be exploited by attackers to execute arbitrary code or escalate privileges, potentially compromising the system running Ghostscript. The impact depends on how Ghostscript is used and whether untrusted PDF files are processed with the vulnerable OCR functionality. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by processing specially crafted PDF files that trigger the heap buffer overflow in Ghostscript's OCR processing, specifically using the `pdfocr8` device. Running Ghostscript with AddressSanitizer (ASan) enabled can help detect heap-buffer-overflow errors. For example, you can use a proof-of-concept PDF file that triggers the overflow and run a command like `gs -sDEVICE=pdfocr8 -sOutputFile=output.pdf poc.pdf` under ASan to observe any memory errors. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to update Ghostscript to a version that includes the patch committed on 2025-07-01 which adds an integer overflow check before memory allocation in `ocr_begin_page`. This prevents the unsafe allocation and subsequent heap buffer overflow. Until an update is applied, avoid processing untrusted PDF files with the `pdfocr8` device or disable OCR processing features in Ghostscript. [1]
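The size calculation described in the answers above, and the kind of pre-allocation check the mitigation refers to, shown as an added example that is not Ghostscript's code or its patch. The function names, the 32-bit size arithmetic and the sample dimensions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the flaw: raster * height computed in 32 bits
 * (an assumption) wraps modulo 2^32 and yields an undersized buffer. */
static uint32_t unchecked_size(uint32_t raster, uint32_t height)
{
    return raster * height;                 /* wraps silently */
}

/* Bytes that writing `height` rows of `raster` bytes really needs. */
static uint64_t bytes_needed(uint32_t raster, uint32_t height)
{
    return (uint64_t)raster * height;
}

/* Checked form: reject the dimensions before multiplying. */
static int checked_size(uint32_t raster, uint32_t height, uint32_t *out)
{
    if (raster != 0 && height > UINT32_MAX / raster)
        return -1;                          /* product would overflow */
    *out = raster * height;
    return 0;
}

/* Allocation that fails closed on overflow or empty pages. */
static unsigned char *alloc_page(uint32_t raster, uint32_t height)
{
    uint32_t size;
    if (checked_size(raster, height, &size) != 0 || size == 0)
        return NULL;
    return calloc(size, 1);
}

int main(void)
{
    uint32_t raster = 65536, height = 65537;   /* constructed values */
    printf("allocated if unchecked: %u bytes\n",
           (unsigned)unchecked_size(raster, height));
    printf("written by row loop:    %llu bytes\n",
           (unsigned long long)bytes_needed(raster, height));
    unsigned char *page = alloc_page(raster, height);
    printf("checked allocation:     %s\n", page ? "granted" : "refused");
    free(page);
    return 0;
}
```
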