CVE-2025-27837

CVE-2025-27837

Name

CVE-2025-27837

Description

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://bugs.ghostscript.com/show_bug.cgi?id=708238

Type

URI

cve@mitre.org

https://bugs.ghostscript.com/show_bug.cgi?id=708238

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:artifex:ghostscript::::::::`	ghostscript	>= None	< 10.05.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

ghostscript

>= None

< 10.05.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
ghostscript	edge-main	10.05.0-r0	Cameron Banta <cbanta@gmail.com>	fixed
ghostscript	edge-main	10.05.0	None	fixed
ghostscript	edge-main	10.04.0-r0	Cameron Banta <cbanta@gmail.com>	possibly vulnerable
ghostscript	3.22-main	10.05.0-r0	None	fixed
ghostscript	3.22-main	10.05.0	None	fixed
ghostscript	3.21-main	10.05.0-r0	None	fixed
ghostscript	3.21-main	10.05.0	None	fixed
ghostscript	3.21-main	10.04.0-r0	Cameron Banta <cbanta@gmail.com>	possibly vulnerable
ghostscript	3.20-main	10.05.0-r0	None	fixed
ghostscript	3.20-main	10.05.0	None	fixed
ghostscript	3.20-main	10.04.0-r0	Cameron Banta <cbanta@gmail.com>	possibly vulnerable
ghostscript	3.19-main	10.05.0-r0	None	fixed
ghostscript	3.19-main	10.05.0	None	fixed
ghostscript	3.19-main	10.04.0-r0	Cameron Banta <cbanta@gmail.com>	possibly vulnerable
ghostscript	3.18-main	10.05.0	None	fixed

Source package

Branch

Version

Maintainer

Status

ghostscript

edge-main

10.05.0-r0

Cameron Banta <cbanta@gmail.com>

fixed

ghostscript

edge-main