Bug 2354949 (CVE-2025-27832) - CVE-2025-27832 Ghostscript: NPDL device: Compression buffer overflow
Summary: CVE-2025-27832 Ghostscript: NPDL device: Compression buffer overflow
Keywords:
Status: NEW
Alias: CVE-2025-27832
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2355021 2355022
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-03-25 21:01 UTC by OSIDB Bzimport
Modified: 2026-01-15 02:05 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:21915 0 None None None 2025-11-24 01:56:33 UTC
Red Hat Product Errata RHSA-2025:22869 0 None None None 2025-12-08 19:10:02 UTC
Red Hat Product Errata RHSA-2025:23153 0 None None None 2025-12-15 01:33:30 UTC
Red Hat Product Errata RHSA-2025:7586 0 None None None 2025-05-14 11:41:18 UTC
Red Hat Product Errata RHSA-2025:7593 0 None None None 2025-05-14 12:37:19 UTC
Red Hat Product Errata RHSA-2025:8421 0 None None None 2025-06-03 02:14:00 UTC

Description OSIDB Bzimport 2025-03-25 21:01:27 UTC 
An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
Comment 2 errata-xmlrpc 2025-05-14 11:41:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7586 https://access.redhat.com/errata/RHSA-2025:7586
Comment 3 errata-xmlrpc 2025-05-14 12:37:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7593 https://access.redhat.com/errata/RHSA-2025:7593
Comment 4 errata-xmlrpc 2025-06-03 02:13:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:8421 https://access.redhat.com/errata/RHSA-2025:8421
Comment 6 errata-xmlrpc 2025-11-24 01:56:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:21915 https://access.redhat.com/errata/RHSA-2025:21915
Comment 7 errata-xmlrpc 2025-12-08 19:10:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:22869 https://access.redhat.com/errata/RHSA-2025:22869
Comment 8 errata-xmlrpc 2025-12-15 01:33:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:23153 https://access.redhat.com/errata/RHSA-2025:23153
Comment 9 Duane Saunders 2026-01-15 02:05:41 UTC 
Good call — this is tracked as CVE-2025-27832. It affects Artifex Ghostscript versions before 10.05.0, where the NPDL device has a compression buffer overflow in contrib/japanese/gdevnpdl.c. This is a critical vulnerability (CVSS 9.8) and should be patched by updating to Ghostscript 10.05.0 or later.
More details here: https://nvd.nist.gov/vuln/detail/CVE-2025-27832 https://spacewavesonline.io
Note You need to log in before you can comment on or make changes to this bug.