Vulnerability in Ghostscript Affects UTF-8 Handling
CVE-2025-46646

4.5MEDIUM

Key Information:

Vendor: Artifex
Status: Ghostscript
Vendor: CVE Published:; 26 April 2025

Summary

In Artifex Ghostscript prior to version 10.05.0, the function decode_utf8 located in base/gp_utf8.c fails to correctly handle overlong UTF-8 encoding inputs. This flaw arises due to an incomplete fix related to a previous vulnerability. It poses a risk of potential arbitrary code execution or data manipulation when improperly formed UTF-8 sequences are processed, highlighting the importance of proper input validation in software development.

Affected Version(s)

Ghostscript 0 < 10.05.0

References

https://bugs.ghostscript.com/show_bug.cgi?id=708311

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.gi...

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 26, 2025
Vulnerability Reserved
Apr 26, 2025