
CVE-2025-59798: CWE-121 Stack-based Buffer Overflow in Artifex Ghostscript

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-59798, cve, cve-2025-59798, cwe-121
Published: Mon Sep 22 2025 (09/22/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: Artifex
Product: Ghostscript

Description

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.

AI-Powered Analysis

Last updated: 09/22/2025, 04:00:57 UTC

Technical Analysis

CVE-2025-59798 is a stack-based buffer overflow in Artifex Ghostscript versions up to and including 10.05.1. The flaw is in the function pdf_write_cmap in the source file devices/vector/gdevpdtw.c. A stack-based buffer overflow occurs when more data is written to a buffer on the stack than it can hold; the excess corrupts adjacent memory and can allow an attacker to alter program execution flow.

Exploitation does not require user interaction or privileges, but it does require local access to the system (AV:L - Attack Vector: Local). The vulnerability has a CVSS v3.1 base score of 4.3, categorized as medium severity. The vector indicates low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact is limited to integrity (I:L), with no confidentiality or availability impact. No known exploits are currently reported in the wild, and no patches have been linked yet.

Ghostscript is a widely used interpreter for PostScript and PDF files, often integrated into document processing workflows, print servers, and PDF rendering engines. The vulnerability could be triggered by processing specially crafted PDF files that exploit the buffer overflow in the cmap writing function, potentially allowing an attacker to manipulate the execution flow or corrupt memory, which might be leveraged for privilege escalation or code execution in local contexts.

Potential Impact

For European organizations, the impact of CVE-2025-59798 depends largely on the deployment of Ghostscript within their IT environments. Ghostscript is commonly used in document management systems, print servers, and PDF processing pipelines across various sectors including government, finance, healthcare, and manufacturing. A successful exploitation could allow an attacker with local access to compromise the integrity of the affected system, potentially leading to unauthorized modifications or disruptions in document processing workflows. Although the vulnerability does not directly impact confidentiality or availability, integrity compromises could result in altered document outputs or corrupted processing results, which may have downstream effects on business operations and compliance. Organizations relying on automated PDF processing or print services that use vulnerable Ghostscript versions are at risk, especially if local users or malware can trigger the flaw. The lack of known exploits in the wild reduces immediate risk, but the presence of a stack-based buffer overflow with scope change indicates potential for future exploitation, particularly in environments where attackers can gain local access or leverage other vulnerabilities to escalate privileges.

Mitigation Recommendations

1. Immediate assessment of all systems running Ghostscript versions up to 10.05.1 is critical to identify vulnerable instances.
2. Apply vendor patches or updates as soon as they become available; monitor Artifex communications for official fixes.
3. Restrict local access to systems running Ghostscript to trusted users only, minimizing the risk of local exploitation.
4. Implement application whitelisting and endpoint protection to detect and prevent execution of unauthorized or malicious PDF files that could trigger the vulnerability.
5. Employ strict input validation and sandboxing for document processing services to isolate Ghostscript processes and limit potential damage from exploitation.
6. Monitor logs and system behavior for anomalies related to PDF processing or Ghostscript execution.
7. Where possible, replace or supplement Ghostscript with alternative PDF processing tools that do not have this vulnerability until patches are applied.
8. Conduct user awareness training to reduce the risk of local users inadvertently triggering the vulnerability through malicious files.
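For the assessment in step 1, the check below classifies a Ghostscript version string against the "through 10.05.1" range given in the description. It is an added example, not part of the original entry; the function names are hypothetical, the sample strings in the comments are constructed, and the live check assumes the binary is named `gs` and supports `--version`.

```python
import re
import shutil
import subprocess

# Last affected release per the description: "through 10.05.1".
LAST_AFFECTED = (10, 5, 1)


def parse_version(text):
    """Extract (major, minor, patch) from text such as '10.05.1' or '9.26'."""
    m = re.search(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b", text)
    if not m:
        return None
    # Two-component versions (e.g. '9.26') get patch level 0.
    return tuple(int(g or 0) for g in m.groups())


def is_affected(text):
    """True if the version is <= 10.05.1, False if later, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None  # Unknown: flag for manual review rather than assume safe.
    return version <= LAST_AFFECTED


def check_local(binary="gs"):
    """Run '<binary> --version' on this host; returns (path, output, affected)."""
    path = shutil.which(binary)
    if path is None:
        return (None, None, None)
    out = subprocess.run([path, "--version"], capture_output=True,
                         text=True, timeout=10).stdout.strip()
    return (path, out, is_affected(out))


if __name__ == "__main__":
    path, out, affected = check_local()
    if path is None:
        print("gs not found on PATH")
    elif affected is None:
        print(f"{path}: could not parse version from {out!r}, review manually")
    else:
        state = "AFFECTED (<= 10.05.1)" if affected else "later than 10.05.1"
        print(f"{path}: {out} -> {state}")
```

Copies of Ghostscript bundled inside other applications or container images are not on `PATH` and need to be inventoried separately, for example through package or SBOM data.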


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-22T00:00:00.000Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68d0c68eb68a0c387d456704

Added to database: 9/22/2025, 3:46:22 AM

Last enriched: 9/22/2025, 4:00:57 AM

Last updated: 9/22/2025, 9:48:00 PM
