Ghost Trap

by PaperCut Software Int. Pty. Ltd.v1.6.10.04

Last updated Jun 8, 2026

Ghostscript trapped in a sandbox

Install with winget

$ winget install --id PaperCutSoftware.GhostTrap --exact --version 1.6.10.04

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Ghost Trap

Ghost Trap uses EXE (Inno Setup). The silent install switches are /VERYSILENT /SUPPRESSMSGBOXES /NORESTART.

One-line silent install (x64, machine scope)

ghost-trap-installer-1.6.10.04.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

See the full silent install reference for Ghost Trap →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

Ghost Trap is used to securely convert PostScript and PDF files from untrusted sources into images. It's a modified distribution of the GPL Ghostscript PDL interpreter secured and sandboxed using Google Chrome sandbox technology. The objective of the project is to bring best-of-breed security to Ghostscript's command-line conversion applications on MS Windows.

Installers · v1.6.10.04

Architecture	Type	Scope	Install	Download
x64	EXE Inno Setup	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

25 known CVEs via NVD

medium4.3Fix availableCVE-2025-59800affects <=10.05.1Sep 21, 2025
In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
Patch
medium4.3Fix availableCVE-2025-59799affects <=10.05.1Sep 21, 2025
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
Patch
medium4.3Fix availableCVE-2025-59798affects <=10.05.1Sep 21, 2025
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
Patch
medium4.0Fix in v10.05.1CVE-2025-48708affects before 10.05.1May 22, 2025
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
Patch
medium4.5Fix in v10.05.0CVE-2025-46646affects before 10.05.0Apr 26, 2025
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
Patch
critical9.8Fix in v10.05.0CVE-2025-27837affects before 10.05.0Mar 25, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
Patch
critical9.8Fix in v10.05.0CVE-2025-27836affects before 10.05.0Mar 25, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
Patch
high7.8Fix in v10.05.0CVE-2025-27835affects before 10.05.0Mar 25, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
Patch

Showing 8 of 25. Source: NVD, updated 5h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Frequently asked questions

How do I install Ghost Trap on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id PaperCutSoftware.GhostTrap --exact --version 1.6.10.04. winget downloads the installer from PaperCut Software Int. Pty. Ltd. and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Ghost Trap silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id PaperCutSoftware.GhostTrap --exact 1.6.10.04 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Ghost Trap?

Ghost Trap uses EXE (Inno Setup). Run the downloaded installer with: ghost-trap-installer-1.6.10.04.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART. The silent switches are /VERYSILENT /SUPPRESSMSGBOXES /NORESTART.

How do I uninstall Ghost Trap via winget?

Run: winget uninstall --id PaperCutSoftware.GhostTrap --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Ghost Trap's Apps & Features entry.

Is Ghost Trap free?

Ghost Trap is distributed under AGPL-3.0. Refer to the publisher (https://www.papercut.com/help/manuals/mobility-print/how-it-works/ghost-trap-script/) for the full license terms - Wingetly itself does not charge for installation.

Does Ghost Trap work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Ghost Trap directly from the publisher.

How do I keep Ghost Trap up to date?

Run winget upgrade --id PaperCutSoftware.GhostTrap --exact, or winget upgrade --all to update everything winget tracks. We index 1 version of Ghost Trap from microsoft/winget-pkgs.