CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27833 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27833
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708259 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27834 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27834
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708253 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27835 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27835
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708131 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27836 – Debian Security Advisory 5888-1
https://notcve.org/view.php?id=CVE-2025-27836
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. • https://bugs.ghostscript.com/show_bug.cgi?id=708192 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27837
https://notcve.org/view.php?id=CVE-2025-27837
25 Mar 2025 — An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. • https://bugs.ghostscript.com/show_bug.cgi?id=708238 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2581 – xmedcon DICOM File malloc integer underflow
https://notcve.org/view.php?id=CVE-2025-2581
21 Mar 2025 — A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to address this issue. • https://vuldb.com/?ctiid.300541 • CWE-189: Numeric Errors CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-2487 – 389-ds-base: null pointer dereference leads to denial of service
https://notcve.org/view.php?id=CVE-2025-2487
18 Mar 2025 — A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash. • https://access.redhat.com/security/cve/CVE-2025-2487 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2357 – DCMTK dcmjpls JPEG-LS Decoder memory corruption
https://notcve.org/view.php?id=CVE-2025-2357
17 Mar 2025 — A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. • https://support.dcmtk.org/redmine/issues/1155 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2295 – Potential iSCSI R2T PDU Vulnerability
https://notcve.org/view.php?id=CVE-2025-2295
14 Mar 2025 — EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. • https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2310 – HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2310
14 Mar 2025 — A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc4.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •