CVE-2025-27830

HIGH7.8EPSS 0.06%

ghostscript - security update

發布日:2025/3/25修改日:2025/12/3

也稱為:ALPINE-CVE-2025-27830

描述

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.

受影響套件(4)

Alpine/ghostscriptfrom 0, < 10.05.0
Debian/ghostscriptfrom 0, < 9.53.3~dfsg-7+deb11u10
Debian/ghostscriptfrom 0, < 9.53.3~dfsg-7+deb11u10
Debian/ghostscriptfrom 0, < 10.0.0~dfsg-11+deb12u7

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2025-27830
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-27830