CVE-2025-27833: 
Ghostscript vulnerability analysis and mitigation

A buffer overflow vulnerability was discovered in Artifex Ghostscript versions before 10.05.0. The vulnerability (CVE-2025-27833) was reported on January 20, 2025, and involves a buffer overflow condition that occurs when processing long TTF font names in the pdf/pdf_fmap.c file. The vulnerability affects the Ghostscript PDF processing component (NVD, Debian Tracker).

The vulnerability exists in the 'pdfittfaddtonativemap' function, which fails to validate the length of font names before copying them to a destination buffer. The issue received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-120 (Buffer Copy without Checking Size of Input) ([Ghostscript Bug](https://bugs.ghostscript.com/showbug.cgi?id=708259), NVD).

The buffer overflow vulnerability could potentially lead to remote code execution (RCE) when processing maliciously crafted PDF files containing specially formatted TTF fonts. This could result in unauthorized code execution with the privileges of the Ghostscript process (Ghostscript Bug).

The vulnerability has been patched in Ghostscript version 10.05.0. Users are advised to upgrade to this version or later. Various Linux distributions have also released security updates to address this vulnerability. For instance, Debian has released fixes for affected versions in their security updates (Debian Tracker, Ubuntu Security).