CVE-2025-27832
Published: 25 March 2025
Summary
CVE-2025-27832 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Artifex Ghostscript. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 43.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-27832 is a compression buffer overflow vulnerability in the NPDL device of Artifex Ghostscript versions before 10.05.0, located in the file contrib/japanese/gdevnpdl.c. This flaw, classified as CWE-120 (Buffer Copy without Checking Size of Input), carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.
Remote attackers can exploit this vulnerability over the network with low attack complexity, no required privileges, and no user interaction. Exploitation grants high confidentiality, integrity, and availability impacts, enabling outcomes such as arbitrary code execution on affected systems processing malicious PostScript or PDF files via Ghostscript.
Advisories recommend upgrading to Ghostscript 10.05.0 or later to mitigate the issue. Key references include the Ghostscript bug tracker entry at https://bugs.ghostscript.com/show_bug.cgi?id=708133, which documents the fix, and the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/04/msg00014.html, outlining patches for Debian systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8093
Vulnerability details
An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The buffer overflow in Ghostscript enables remote arbitrary code execution via malicious PostScript/PDF file processing, directly mapping to exploitation for client execution in document interpreter software.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the CVE by requiring timely identification, reporting, and correction of the buffer overflow flaw in Ghostscript via patching or upgrading to version 10.05.0 or later.
Implements memory protections like address space layout randomization and data execution prevention to block arbitrary code execution from the buffer overflow exploitation.
Restricts Ghostscript to least functionality by disabling unnecessary output devices such as the vulnerable NPDL device, avoiding the specific code path exploited in gdevnpdl.c.