[ASA-202505-15] ghostscript: information disclosure
Arch Linux Security Advisory ASA-202505-15
==========================================

Severity: Low
Date    : 2025-05-24
CVE-ID  : CVE-2025-48708
Package : ghostscript
Type    : information disclosure
Remote  : No
Link    : https://security.archlinux.org/AVG-2883

Summary
=======

The package ghostscript before version 10.05.1-2 is vulnerable to
information disclosure.

Resolution
==========

Upgrade to 10.05.1-2.

# pacman -Syu "ghostscript>=10.05.1-2"

The problem has been fixed upstream in version 10.05.1.

Workaround
==========

None.

Description
===========

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript
before 10.05.1 lacks argument sanitization for the # case. A created PDF
document includes its password in cleartext.

Impact
======

A local attacker can access the password used to protect a PDF in
cleartext.

References
==========

https://bugs.ghostscript.com/show_bug.cgi?id=708446
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?h=gs10.05.1&id=5b5968c306b3e35cdeec83bb15026fd74a7334de
https://security.archlinux.org/CVE-2025-48708
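
The following is an added example, not part of the advisory or of Ghostscript: a way to check PDFs you produced with an affected version for the condition described above, by searching each file for a password you already know. It makes no assumption about where in the file the password lands; the function name, the sample bytes and the sample password are constructed for illustration.

```python
"""Search PDF files for a known password stored in cleartext."""
import getpass
import sys

# Constructed sample bytes (not real Ghostscript output): one file carrying
# the password in a comment, one without it.
SAMPLE_LEAKY = (b"%PDF-1.7\n% constructed: -sOwnerPassword#s3cr3t-Pw\n"
                b"1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n")
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"


def find_cleartext(pdf: bytes, password: str) -> list[tuple[str, int]]:
    """Return (encoding, offset) for each place the password appears.

    Checks UTF-8, UTF-16BE and hex-digit forms. Very short passwords will
    produce false positives, so treat hits as leads to inspect.
    """
    if not password:
        raise ValueError("password must not be empty")
    raw = password.encode("utf-8")
    needles = {
        "utf-8": (raw, pdf),
        "utf-16be": (password.encode("utf-16-be"), pdf),
        # Hex strings in PDFs may use either case, so compare lowercased.
        "hex": (raw.hex().encode("ascii"), pdf.lower()),
    }
    hits = []
    for name, (needle, haystack) in needles.items():
        pos = haystack.find(needle)
        while pos != -1:
            hits.append((name, pos))
            pos = haystack.find(needle, pos + 1)
    return sorted(hits, key=lambda hit: hit[1])


def main(paths: list[str]) -> int:
    # Prompt instead of taking the password as an argument, so the audit
    # itself does not put it on a command line.
    password = getpass.getpass("Password to look for: ")
    leaked = False
    for path in paths:
        with open(path, "rb") as handle:
            hits = find_cleartext(handle.read(), password)
        for name, pos in hits:
            leaked = True
            print(f"{path}: password found as {name} at byte offset {pos}")
    return 1 if leaked else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with the PDF paths as arguments; it exits non-zero when any file contains the password.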