CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27837 – openSUSE Security Advisory - openSUSE-SU-2025:14953-1
https://notcve.org/view.php?id=CVE-2025-27837
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. These are all security issues fixed in the ghostscript-10.05.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://bugs.ghostscript.com/show_bug.cgi?id=708238 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27836 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27836
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708192 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27835 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27835
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708131 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27830 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27830
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708241 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27834 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27834
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708253 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27832 – Ghostscript: NPDL device: Compression buffer overflow
https://notcve.org/view.php?id=CVE-2025-27832
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. A flaw was found in Artifex Ghostscript. The NPDL device has a compression buffer overflow for contrib/japanese/gdevnpdl.c. It was discovered that OpenJPEG, vendored in Ghostscript did not correctly handle large image files. • https://bugs.ghostscript.com/show_bug.cgi?id=708133 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2581 – xmedcon DICOM File malloc integer underflow
https://notcve.org/view.php?id=CVE-2025-2581
21 Mar 2025 — A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to address this issue. • https://vuldb.com/?ctiid.300541 • CWE-189: Numeric Errors CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2025-2487 – 389-ds-base: null pointer dereference leads to denial of service
https://notcve.org/view.php?id=CVE-2025-2487
18 Mar 2025 — A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash. An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 EUS for RHEL 9. Issues addressed include denial of service and null p... • https://access.redhat.com/security/cve/CVE-2025-2487 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2295 – Potential iSCSI R2T PDU Vulnerability
https://notcve.org/view.php?id=CVE-2025-2295
14 Mar 2025 — EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. • https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2310 – HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2310
14 Mar 2025 — A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc4.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •