What is the CVSS score of CVE-2025-59800?

CVE-2025-59800 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Ghostscript are affected by CVE-2025-59800?

Organizations using Artifex Ghostscript should be aware of moderate risk from CVE-2025-59800, a integer overflow vulnerability rated CVSS 4.3.. A patch is available.

How to fix or mitigate CVE-2025-59800?

Within 30 days: Identify affected systems running Artifex Ghostscript and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Ghostscript CVE-2025-59800

MEDIUM

Integer Overflow or Wraparound (CWE-190)

2025-09-22 cve@mitre.org

Buffer Overflow Integer Overflow Red Hat Suse Ghostscript

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:13 vuln.today

Patch released

Mar 28, 2026 - 19:13 nvd

Patch available

CVE Published

Sep 22, 2025 - 04:15 nvd

MEDIUM 4.3

DescriptionNVD

In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.

AnalysisAI

In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8. Affected products include: Artifex Ghostscript. Version information: through 10.05.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.