CVE-2025-46646: 
Ghostscript vulnerability analysis and mitigation

In Artifex Ghostscript before version 10.05.0, a vulnerability was discovered in the decodeutf8 function within base/gputf8.c that mishandles overlong UTF-8 encoding. This issue exists because of an incomplete fix for CVE-2024-46954 (NVD, Ghostscript Bug).

The vulnerability stems from improper validation of UTF-8 sequences in the decode_utf8 function. The previous fix for CVE-2024-46954 failed to detect certain 2-byte sequences as being overlong. While 1-byte sequences encode 7 payload bits, 2-byte sequences only encode 6 payload bits in the second byte. The vulnerability allows payloads like \xc1\c9c to bypass the fix and write a \xc5, enabling path traversal. The issue has been assigned a CVSS v3.1 Base Score of 4.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N (NVD).

The vulnerability allows attackers to perform arbitrary file read, write, and directory listing operations on affected systems. Depending on system configuration, this could potentially lead to remote code execution. The vulnerability enables path traversal attacks by bypassing security checks through malformed UTF-8 sequences (Ghostscript Bug).

The vulnerability has been fixed in Ghostscript version 10.05.0. The fix includes proper validation of UTF-8 sequences, blocking invalid encodings including high/low surrogates and values outside the valid Unicode range. Users are advised to upgrade to version 10.05.0 or later (Ghostscript Commit).