Created attachment 26193
patch

When the "npdl" device allocates a compression buffer, an integer overflow can occur during the multiplication of width and height, leading to allocation of a buffer that is shorter than needed, and subsequently a buffer overflow.
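The failure mode described in the comment above, and the usual way to guard an allocation against it, as an added example that is not part of the report or of the Ghostscript patch. The function names, the 32-bit width of the unchecked product, the 256 MiB cap and the sample dimensions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound for one compression buffer (not from the report). */
#define MAX_COMPRESS_BUF ((size_t)1 << 28)

/* Unchecked pattern: the product is kept in 32 bits, so the high bits are
   lost and the result can be far smaller than width * height. */
static uint32_t unchecked_buf_size(uint32_t width, uint32_t height)
{
    return (uint32_t)((uint64_t)width * height);
}

/* Checked pattern: reject the request before multiplying. Dividing the cap
   by height tests for overflow without performing an overflowing multiply. */
static int checked_buf_size(size_t width, size_t height, size_t cap, size_t *out)
{
    if (width == 0 || height == 0 || width > cap / height)
        return -1;
    *out = width * height;
    return 0;
}

/* Allocation wrapper: returns NULL instead of a short buffer. */
static unsigned char *alloc_compress_buf(size_t width, size_t height, size_t *size)
{
    if (checked_buf_size(width, height, MAX_COMPRESS_BUF, size) != 0)
        return NULL;
    return malloc(*size);
}

int main(void)
{
    /* Constructed dimensions whose product is 2^32 + 65536. */
    uint32_t w = 65536u, h = 65537u;
    size_t size = 0;

    printf("needed:    %llu bytes\n", (unsigned long long)w * h);
    printf("unchecked: %lu bytes\n", (unsigned long)unchecked_buf_size(w, h));
    unsigned char *buf = alloc_compress_buf(w, h, &size);
    printf("checked:   %s\n", buf ? "allocated" : "rejected");
    free(buf);
    return 0;
}
```

Any loop that later writes width * height bytes must use the same checked size that was passed to the allocator, otherwise the guard and the write can disagree.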
Created attachment 26194
exploit

Exploit for x64 Linux

gs -q -dNOPAUSE -sDEVICE=npdl -sOutputFile=/dev/null mhcompress.ps
Adopted, but "parked" until the next release. Thanks Zdenek.
CVE-2025-27832
Applied: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=36ac25fca7b