CVE-2025-46646

Public on 2025-04-26

Modified on 2025-04-30

Description

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

Severity

Medium

CVSS v3 Base Score

4.5

See breakdown

Affected Packages

Platform	Package	Status
HAQM Linux 1	ghostscript	Not Affected
HAQM Linux 2 - Core	ghostscript	Not Affected
HAQM Linux 2023	ghostscript	Not Affected

CVSS Scores

	Score Type	Score	Vector
HAQM Linux	CVSSv3	4.5	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
NVD	CVSSv3	4.5	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

References

Red Hat: CVE-2025-46646 Mitre: CVE-2025-46646