Advisories » MGASA-2025-0170

Updated ghostscript packages fix security vulnerabilities

Publication date: 28 May 2025
Modification date: 28 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-48708

Description

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript
before 10.05.1 lacks argument sanitization for the # case. A created PDF
document includes its password in cleartext. (CVE-2025-48708)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34307
• https://www.openwall.com/lists/oss-security/2025/05/23/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48708

SRPMS

9/core

• ghostscript-10.05.1-1.mga9