Primary

Context

Artifex Ghostscript Compression Buffer Overflow Vulnerability in NPDL Device

Vulnerability

Patched

A buffer overflow vulnerability has been identified in Artifex Ghostscript versions prior to 10.05.0, specifically within the NPDL device. The issue arises in the Japanese contribution file 'gdevnpdl.c', where an integer overflow during the calculation of width and height can lead to the allocation of a compression buffer that is shorter than required, creating a buffer overflow condition.

Impact

Exploitation of this vulnerability leads to a compression buffer overflow, which can commonly result in arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using Ghostscript with the NPDL device. After applying the patch, the exploit can be executed by processing a PostScript file that triggers the buffer overflow via the 'npdl' device.

Remediation

Users can update to Ghostscript version 10.05.0 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

10.0

exploitability

6.0

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

10.0

exploitability

6.0

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Artifex Ghostscript Compression Buffer Overflow Vulnerability in NPDL Device

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Artifex Ghostscript

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating