Security patch: Attackers can exploit nine vulnerabilities in Ghostscript
The PostScript and PDF interpreter Ghostscript is vulnerable. Users should install the latest version.
(Image: AFANASEV IVAN/Shutterstock.com)
Ghostscript can be attacked via several security vulnerabilities. Further information on the vulnerabilities is still pending. A security patch is available. There are currently no reports of attacks.
Security problems
As can be seen from the changelog for the current Ghostscript version 10.05.0, the developers have closed a total of nine vulnerabilities: CVE-2025-27835, CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, CVE-2025-27830, CVE-2025-27833, CVE-2025-27837 and CVE-2025-27834.
According to the developers, the CVE number of a vulnerability has not yet been assigned. A classification of the threat level of the vulnerabilities is also still pending.
Videos by heise
According to the short descriptions of the vulnerabilities (e.g. CVE-2025-27832), attackers can trigger memory errors with certain inputs. This usually leads to crashes (DoS), but in many cases malicious code can also reach systems in this way.
All versions prior to 10.05.0 are affected by the security problems. The developers last closed a malicious code gap exploited by attackers in July 2024.
(des)
