CVE-2025-48708

Опубликовано: 23 мая 2025

Источник: debian

EPSS Низкий

Описание

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ghostscript	fixed	10.05.1~dfsg-1		package

Примечания

https://bugs.ghostscript.com/show_bug.cgi?id=708446
Fixed by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5b5968c306b3e35cdeec83bb15026fd74a7334de (ghostpdl-10.05.1)
Argument handling with '#' instead of '=' only relevant on Windows

EPSS

Процентиль: 0%

0.00005

Низкий

Связанные уязвимости

CVE-2025-48708

CVSS3: 4

ubuntu

7 месяцев назад

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

CVE-2025-48708

CVSS3: 2.9

redhat

7 месяцев назад

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

CVE-2025-48708

CVSS3: 4

nvd

7 месяцев назад

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

SUSE-SU-2025:03461-1

suse-cvrf

2 месяца назад

Security update for ghostscript

SUSE-SU-2025:03460-1

suse-cvrf

2 месяца назад

Security update for ghostscript

EPSS

Процентиль: 0%

0.00005

Низкий