AI description
CVE-2025-48708 affects Artifex Ghostscript versions through 10.05.0 (and before 10.05.1 according to some sources). The vulnerability lies in the `gs_lib_ctx_stash_sanitized_arg` function within the `base/gslibctx.c` file. This function lacks proper argument sanitization for the '#' case. Due to this lack of sanitization, a created PDF document may include its password in cleartext. This could expose sensitive information if the PDF is shared or stored without proper protection.
- Description: gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 4
- Impact score: 1.4
- Exploitability score: 2.5
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity: MEDIUM
- cve@mitre.org: CWE-212
- Hype score: Not currently trending
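A check a defender can run over PDFs already produced by an affected build, added here as an example and not taken from Ghostscript or from the advisory: it scans the head of a file for a password switch whose value was stored unredacted. Assumptions: the switches are pdfwrite's `-sOwnerPassword` / `-sUserPassword`, `#` is accepted as an alternative to `=`, a sanitized value appears as a single `?`, and the sample bytes are constructed.

```python
import re

# Assumption: the affected switches are pdfwrite's -sOwnerPassword / -sUserPassword,
# and Ghostscript accepts '#' as well as '=' between a switch name and its value.
PASSWORD_ARG = re.compile(rb"-s(OwnerPassword|UserPassword)([#=])([^\s\x00]+)")
REDACTED = b"?"  # assumption: a sanitized value is recorded as a single '?'

def find_leaked_password_args(pdf_bytes, head_size=4096):
    """Return (switch, separator) pairs whose value appears unredacted in the
    first head_size bytes. The value itself is never returned or logged."""
    hits = []
    for m in PASSWORD_ARG.finditer(pdf_bytes[:head_size]):
        if m.group(3) != REDACTED:
            hits.append((m.group(1).decode(), m.group(2).decode()))
    return hits

def scan_file(path, head_size=4096):
    """Read only the head of the file at path and report leaked switches."""
    with open(path, "rb") as fh:
        return find_leaked_password_args(fh.read(head_size), head_size)

# Constructed samples: the header layout is illustrative, not captured output.
SAMPLE_LEAKY = (b"%PDF-1.7\n% gs -sDEVICE=pdfwrite -sOwnerPassword#example-owner "
                b"-sUserPassword#example-user -o ? ?\n1 0 obj\n")
SAMPLE_SANITIZED = (b"%PDF-1.7\n% gs -sDEVICE=pdfwrite -sOwnerPassword=? "
                    b"-sUserPassword=? -o ? ?\n1 0 obj\n")

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        for switch, sep in scan_file(path):
            print(f"{path}: -s{switch}{sep}<value> stored in cleartext")
```

Any file this flags should be regenerated with Ghostscript 10.05.1 or later and its password rotated, since the old value has been readable by anyone holding the file.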
CVE-2025-48708: A vulnerability in Artifex Ghostscript before version 10.05.1 causes the plaintext password used to protect a PDF file to be embedded in the output. The issue is due to a lack of argument sanitization in gs_lib_ctx_stash_sanitized_arg (base/gslibctx.c), https://t
@cyber_advising
25 May 2025
GitHub - B1tBreaker/CVE-2025-48708: CVE-2025-48708 Ghostscript PDF lack of argument sanitization leading to password leakage https://t.co/5u4XUcWNVC
@akaclandestine
25 May 2025
CVE-2025-48708: ghostscript can embed plaintext password in encrypted PDFs https://t.co/zHx49iDoYQ the full command-line input, including the plaintext password, is embedded at the beginning of the generated PDF file
@oss_security
23 May 2025