CVE-2025-46646

Publication date 26 April 2025

Last updated 30 May 2025


Ubuntu priority

Cvss 3 Severity Score

4.5 · Medium

Score breakdown

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

Status

Package Ubuntu Release Status
ghostscript 25.04 plucky
Not affected
24.10 oracular
Fixed 10.03.1~dfsg1-0ubuntu2.3
24.04 LTS noble
Fixed 10.02.1~dfsg1-0ubuntu7.6
22.04 LTS jammy
Not affected
20.04 LTS focal
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
ghostscript

Severity score breakdown

Parameter Value
Base score 4.5 · Medium
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Scope Changed
Confidentiality Low
Integrity impact Low
Availability impact None
Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

References

Related Ubuntu Security Notices (USN)

Other references