Skip to main content

Ghostscript CVE-2025-48708

MEDIUM
Improper Removal of Sensitive Information Before Storage or Transfer (CWE-212)
2025-05-23 cve@mitre.org
4.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
SUSE
3.3 LOW
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Red Hat
2.9 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:43 vuln.today
Patch released
Mar 28, 2026 - 18:43 nvd
Patch available
CVE Published
May 23, 2025 - 04:15 nvd
MEDIUM 4.0

DescriptionCVE.org

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the

case. A created PDF document includes its password in cleartext.

AnalysisAI

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the

case. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-212. gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the

case. A created PDF document includes its password in cleartext. Affected products include: Artifex Ghostscript. Version information: before 10.05.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-7976 HIGH POC
8.8 Aug 07

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams

CVE-2018-16509 HIGH POC
7.8 Sep 05

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no aut

CVE-2012-4405 MEDIUM
6.8 Sep 18

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (iccl

CVE-2023-28879 CRITICAL POC
9.8 Mar 31

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to t

CVE-2018-18284 HIGH POC
8.6 Oct 19

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the

CVE-2018-17961 HIGH POC
8.6 Oct 15

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving err

CVE-2016-10317 HIGH POC
7.8 Apr 03

The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Rated high severity (CVSS 7.8), this

CVE-2017-9611 HIGH POC
7.8 Jul 26

The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial

CVE-2017-9835 HIGH POC
7.8 Jul 26

The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of

CVE-2017-7948 HIGH POC
7.8 Apr 19

Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of ser

CVE-2020-16303 HIGH POC
7.8 Aug 13

A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9

CVE-2019-14817 HIGH POC
7.8 Sep 03

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not prop

Vendor StatusVendor

SUSE

Severity: Low
Product Status
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise High Performance Computing 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Fixed
openSUSE Leap 15.6 Fixed
openSUSE Tumbleweed Fixed

Share

CVE-2025-48708 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy