Ghostscript is vulnerable to several security gaps. Further information on the weak points is still pending. A security patch is available. There are currently no reports on attacks.
Security problems
As can be seen from the changelog to the current Ghostscript version 10.05.0the developers have a total of nine weak points: CVE 2025-27835, CVE 2025-27832, CVE-2025-27831, CVE 2025-27836, CVE-2025-27833, CVE-2025-27837.
According to the developers, the CVE number of a security gap has not yet been awarded. A classification of the degree of threat of vulnerabilities is also pending.
According to the brief descriptions of the gaps (e.g. CVE-2025-27832), attackers can trigger storage errors with certain entries. As a rule, this leads to crashes (DOS), in many cases it can also get to systems via this path.
All expenses before 10.05.0 are affected by the security problems. In July 2024, the developers recently closed a malicious code gap that was used by attackers.
Discover more from Apple News
Subscribe to get the latest posts sent to your email.