Security Announcement on CVE-2025-27832

We will update this announcement with new details as they emerge from our analysis. Please check back periodically.

Last update: 04 April 2025, 18:00 CET

CVE-2025-27832 is a critical vulnerability in Ghostscript. Attackers can trigger memory errors with certain inputs. This leads to crashes (DoS). Malicious code can also reach systems in this way.

All versions prior to 10.05.0 are affected. Version 10.05.0 fixes the security vulnerability. Install this or a later version.

Further official information on this can be found at the National Institute of Standards and Technology.

enaio® (all supported versions: 10.10, 11.0, 11.10)

Ghostscript is used by enaio® documentviewer in all versions for conversion. Ghostscript is not installed during the installation for licensing reasons. However, we have provided installation data which is affected by this vulnerability.

The following hotfixes from 02 April 2025 have updated the installation data for Ghostscript to version 10.05.0:

osdocumentviewer_hotfix.exe 11.10.0.4
osdocumentviewer_hotfix.exe 11.0.0.13
osdocumentviewer_hotfix.exe 10.10.0.22

Navigation

Navigate through the help pages using the table of contents on the left. If it is not displayed when the window width is small, you can temporarily show it via the hamburger menu on the right.

Use the arrows on the toolbar to navigate to the next/previous page.

You can show hidden areas. Use the toolbar to show all hidden areas at once:

Clicking the product icon in the header returns you to the beginning of the current area. Use the toolbar to access the initial page: