CVE-2025-59801 — Vulnetix

CVE-2025-59801 PUBLISHED CVSS 4.300000190734863 MEDIUM

In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked.

EPSS 0.02% · 5.7th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS Score

0.02%

5.7th percentile

Affected Products

Vendor	Product	Versions
Artifex	GhostXPS	0

Timeline

Sep 22, 2025 CVE Published
Sep 22, 2025 EPSS Score
Sep 22, 2025 PoC Published
Sep 23, 2025 CVE Updated
Sep 29, 2025 EPSS Score
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 EPSS Score
Oct 6, 2025 Coalition ESS Score
Oct 13, 2025 EPSS Score
Oct 19, 2025 EPSS Score
Oct 26, 2025 EPSS Score
Oct 27, 2025 Coalition ESS Score

References

https://bugs.ghostscript.com/show_bug.cgi?id=708819 url
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=99727069197d548a8db69ba5d63f766bff40eaab url
https://nvd.nist.gov/vuln/detail/CVE-2025-59801 advisory

Open in Interactive Console →