CVE-2025-59800 is a medium severity vulnerability identified in Artifex Ghostscript versions up to 10.05.1. The flaw exists in the function ocr_begin_page within the devices/gdevpdfocr.c source file. Specifically, it is an integer overflow (CWE-190) vulnerability that leads to a heap-based buffer overflow in the ocr_line8 function. The integer overflow occurs when calculations involving page data sizes exceed the maximum value representable by the integer type, causing wraparound. This results in an underestimation of the buffer size needed, leading to a heap buffer overflow when ocr_line8 attempts to process OCR data. The vulnerability does not require privileges or user interaction to exploit, but it requires local access (AV:L) to the system where Ghostscript is installed. The CVSS 3.1 score is 4.3 (medium), reflecting limited impact on confidentiality and availability but some impact on integrity due to potential memory corruption. The scope is changed (S:C), indicating that the vulnerability could affect components beyond the initially vulnerable code. No known exploits are currently in the wild, and no patches have been linked yet. Ghostscript is a widely used interpreter for PostScript and PDF files, often employed in document processing, printing, and conversion workflows. The vulnerability could be triggered by processing maliciously crafted PDF or PostScript files containing OCR data, potentially allowing an attacker to corrupt memory and cause unpredictable behavior or code execution in the context of the Ghostscript process.

For European organizations, the impact of CVE-2025-59800 depends on the extent to which Ghostscript is integrated into their document processing pipelines. Many enterprises, government agencies, and service providers use Ghostscript for PDF rendering, printing services, and automated document workflows. Exploitation could lead to integrity violations, such as arbitrary code execution or process crashes, potentially disrupting critical document handling systems. This could affect sectors like finance, healthcare, legal, and public administration where document integrity and availability are crucial. Since the vulnerability requires local access, the risk is higher in environments where untrusted users or processes can submit documents for processing. The heap overflow could be leveraged to escalate privileges or move laterally within a network if combined with other vulnerabilities. Although no known exploits exist yet, the presence of this vulnerability in a widely deployed open-source tool means attackers may develop exploits in the future, increasing risk over time.

European organizations should proactively audit their use of Ghostscript, particularly versions up to 10.05.1, and identify systems where it processes untrusted or external documents. Until an official patch is released, organizations should consider the following mitigations: 1) Restrict access to Ghostscript processing services to trusted users and networks only, minimizing local access by untrusted parties. 2) Implement strict input validation and sandboxing around document processing workflows to isolate Ghostscript execution and limit potential damage from exploitation. 3) Monitor logs for unusual crashes or errors in Ghostscript processes that may indicate exploitation attempts. 4) Where possible, disable OCR-related features if not required, reducing the attack surface. 5) Prepare for rapid patch deployment once a fix is available by maintaining an inventory of affected systems. 6) Employ application whitelisting and endpoint protection solutions that can detect anomalous behavior resulting from memory corruption exploits. These targeted steps go beyond generic advice by focusing on access control, input sanitization, and operational monitoring specific to Ghostscript's OCR functionality.