CVE-2025-7462: 
Ghostscript vulnerability analysis and mitigation

A vulnerability (CVE-2025-7462) was discovered in Artifex GhostPDL up to version 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. The vulnerability affects the pdf_ferror function in the devices/vector/gdevpdf.c file, specifically within the New Output File Open Error Handler component. The issue was disclosed on July 11, 2025, and has been classified as problematic (VulDB, NVD).

The vulnerability is classified as a null pointer dereference issue (CWE-476) and improper resource shutdown or release (CWE-404). It has received a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L. The CVSS v4.0 assessment indicates a base score of 5.3 (MEDIUM) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N (VulDB).

The vulnerability primarily affects system availability when exploited. A successful exploitation can lead to a system crash or exit when the application dereferences a NULL pointer that it expects to be valid (VulDB).

A patch has been released to address this vulnerability. The fix is identified by the commit ID 619a106ba4c4abed95110f84d5efcd7aee38c7cb and is available for download from the GhostPDL repository. It is recommended to apply this patch to affected systems (VulDB).