CVE-2025-27837

Опубликовано: 25 мар. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

Ссылки

https://bugs.ghostscript.com/show_bug.cgi?id=708238
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Версия до 10.05.0 (исключая)

EPSS

Процентиль: 38%

0.00168

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2025-27837

CVSS3: 9.8

ubuntu

6 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

CVE-2025-27837

CVSS3: 5.3

redhat

6 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

CVE-2025-27837

CVSS3: 9.8

debian

6 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.05.0. Access ...

GHSA-rmm8-wf49-vvww

CVSS3: 9.8

github

6 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

BDU:2025-03708

CVSS3: 9.8

fstec

8 месяцев назад

Уязвимость функции gp_open_scratch_file_impl() файлов base/gp_mswin.c и base/winrtsup.cpp набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю читать произвольные файлы

EPSS

Процентиль: 38%

0.00168

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-22