HCE2-SA-2026-0010 Moderate HCE 2.0 Security Fix(es): Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. (CVE-2025-59799) gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. (CVE-2025-48708) In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8. (CVE-2025-59800) Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. (CVE-2025-59798) HCE 2.0 ghostscript-9.55.0-20.r2.hce2.x86_64.rpm ghostscript-devel-9.55.0-20.r2.hce2.x86_64.rpm ghostscript-help-9.55.0-20.r2.hce2.noarch.rpm ghostscript-tools-dvipdf-9.55.0-20.r2.hce2.x86_64.rpm ghostscript-9.55.0-20.r2.hce2.aarch64.rpm ghostscript-devel-9.55.0-20.r2.hce2.aarch64.rpm ghostscript-tools-dvipdf-9.55.0-20.r2.hce2.aarch64.rpm