Stack-based Buffer Overflow in Artifex GhostXPS Product
CVE-2025-59801

4.3MEDIUM

Key Information:

Vendor: Artifex
Status: Ghostxps
Vendor: CVE Published:; 22 September 2025

What is CVE-2025-59801?

A stack-based buffer overflow vulnerability exists in Artifex GhostXPS prior to version 10.06.0, specifically in the xps_unpredict_tiff function located in xpstiff.c. This vulnerability arises due to the absence of validation for the samplesperpixel value, which could be exploited by an attacker to execute arbitrary code or cause a denial of service condition. Ensuring that affected versions are updated is crucial for maintaining system integrity and security.

Affected Version(s)

GhostXPS 0 < 10.06.0

References

https://bugs.ghostscript.com/show_bug.cgi?id=708819

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.gi...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2025
Vulnerability Reserved
Sep 22, 2025