CVE-2025-27830

HIGH7.8EPSS 0.06%

ghostscript - security update

Published: 3/25/2025Modified: 4/28/2026

Description

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.

Affected packages (4)

Alpine/ghostscriptfrom 0, < 10.05.0
Debian/ghostscriptfrom 0, < 9.53.3~dfsg-7+deb11u10
Debian/ghostscriptfrom 0, < 9.53.3~dfsg-7+deb11u10
Debian/ghostscriptfrom 0, < 10.0.0~dfsg-11+deb12u7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2025-27830
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-27830