How to fix CVE-2025-7462?

Within 30 days: Identify affected systems running Artifex GhostPDL and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Ubuntu affected by CVE-2025-7462?

Organizations using Artifex GhostPDL should be aware of moderate risk from CVE-2025-7462 rated CVSS 4.3. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-7462

EUVD-2025-21205 MEDIUM

2025-07-12 [email protected]

4.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 16, 2026 - 08:56 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 08:56 euvd

EUVD-2025-21205

CVE Published

Jul 12, 2025 - 06:15 nvd

MEDIUM 4.3

Description

A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The identifier of the patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended to apply a patch to fix this issue.

Analysis

Technical Context

A NULL pointer dereference occurs when the application attempts to use a pointer that has not been initialized or has been set to NULL. This vulnerability is classified as Improper Resource Shutdown or Release (CWE-404).

Affected Products

Affected: Artifex GhostPDL

Remediation

Add NULL checks before pointer dereference operations. Use static analysis to identify potential NULL pointer issues. Enable compiler warnings.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +22

POC: 0

Vendor Status

Ubuntu

Priority: Low

ghostscript

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
upstream	released	10.05.1~dfsg-2
jammy	released	9.55.0~dfsg1-0ubuntu5.13
noble	released	10.02.1~dfsg1-0ubuntu7.8
plucky	released	10.05.0dfsg1-0ubuntu1.2
questing	released	10.05.0dfsg1-0ubuntu4

USN-7782-1

Debian

Bug #1109270

ghostscript

Release	Status	Fixed Version	Urgency
bullseye	fixed	9.53.3~dfsg-7+deb11u11	-
bullseye (security)	fixed	9.53.3~dfsg-7+deb11u11	-
bookworm, bookworm (security)	fixed	10.0.0~dfsg-11+deb12u8	-
trixie (security), trixie	fixed	10.05.1~dfsg-1+deb13u1	-
forky, sid	fixed	10.06.0~dfsg-3	-
bookworm	fixed	10.0.0~dfsg-11+deb12u8	-
trixie	fixed	10.05.1~dfsg-1+deb13u1	-
(unstable)	fixed	10.05.1~dfsg-2	-

DLA-4330-1 DSA-6024-1

CVE-2025-7462 vulnerability details – vuln.today

Back

CVE-2025-7462

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-7462

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code