CVE-2025-27836: 
Ghostscript vulnerability analysis and mitigation

A buffer overflow vulnerability was discovered in Artifex Ghostscript versions before 10.05.0. The issue specifically affects the BJ10V device in the contrib/japanese/gdev10v.c file. The vulnerability was disclosed on March 25, 2025, and was assigned identifier CVE-2025-27836 (NVD, Ubuntu).

The vulnerability occurs in the 'bj10vprintpage' function where an integer overflow can happen during buffer allocation when multiplying width and height parameters. This results in allocating a buffer shorter than required, leading to a buffer overflow condition. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue is classified as CWE-120: Buffer Copy without Checking Size of Input (NVD, Ghostscript Bug).

The vulnerability could potentially lead to remote code execution (RCE) if exploited successfully. When processing malformed document files, this could result in denial of service and potentially allow attackers to execute arbitrary code on affected systems (Debian Security).

The vulnerability has been patched in Ghostscript version 10.05.0 and later. Various Linux distributions have released security updates to address this issue: Ubuntu has fixed versions available for 24.10, 24.04 LTS, 22.04 LTS, and 20.04 LTS. Debian has addressed the issue in version 10.0.0~dfsg-11+deb12u7. Users are strongly recommended to upgrade to the fixed versions (Ubuntu, Debian Security).