---

CVE-2025-48708 - log back

CVE-2025-48708 edited at 09 Jun 2025 21:41:38
Type	- Insufficient validation + Information disclosure

CVE-2025-48708 created at 24 May 2025 04:10:51
Severity	+ Low
Remote	+ Local
Type	+ Insufficient validation
Description	+ gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
References	+ https://bugs.ghostscript.com/show_bug.cgi?id=708446 + https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?h=gs10.05.1&id=5b5968c306b3e35cdeec83bb15026fd74a7334de
Notes