UbuntuUpdates.org

Package "ghostscript-x"

Name: ghostscript-x

Description:

interpreter for the PostScript language and for PDF - X11 support
Latest version: 9.55.0~dfsg1-0ubuntu5.13
Release: jammy (22.04)
Level: security
Repository: main
Head package: ghostscript
Homepage: https://www.ghostscript.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ghostscript-x"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ghostscript-x" in Jammy

Repository Area Version
base main 9.55.0~dfsg1-0ubuntu5
updates main 9.55.0~dfsg1-0ubuntu5.13

Changelog

Version: 9.55.0~dfsg1-0ubuntu5.13 2025-09-29 15:07:02 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.13) jammy-security; urgency=medium

  * SECURITY UPDATE: null pointer deref on file write failure
    - debian/patches/CVE-2025-7462.patch: catch a null file pointer closing
      pdfwrite in devices/vector/gdevpdf.c.
    - CVE-2025-7462
  * SECURITY UPDATE: stack overflow in pdf_write_cmap
    - debian/patches/CVE-2025-59798.patch: use dynamically allocated buffer
      and check return codes in devices/vector/gdevpdtw.c.
    - CVE-2025-59798
  * SECURITY UPDATE: stack overflow in pdfmark_coerce_dest
    - debian/patches/CVE-2025-59799.patch: bounds check some strings in
      devices/vector/gdevpdfm.c.
    - CVE-2025-59799
  * SECURITY UPDATE: heap overflow in ocr_begin_page
    - debian/patches/CVE-2025-59800.patch: fix int overflow in
      devices/gdevpdfocr.c.
    - CVE-2025-59800

 -- Marc Deslauriers <email address hidden> Thu, 25 Sep 2025 12:42:27 -0400
Source diff to previous version
CVE-2025-7462 A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the
CVE-2025-59798 Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
CVE-2025-59799 Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
CVE-2025-59800 In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in

Version: 9.55.0~dfsg1-0ubuntu5.12 2025-07-08 06:06:56 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.12) jammy-security; urgency=medium

  * SECURITY UPDATE: Information Leak
    - debian/patches/CVE-2025-48708.patch: Argument sanitization handle
      '#' as per '='
    - CVE-2025-48708

 -- Bruce Cable <email address hidden> Thu, 03 Jul 2025 15:29:51 +1000
Source diff to previous version
CVE-2025-48708 gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF doc

Version: 9.55.0~dfsg1-0ubuntu5.11 2025-03-27 16:06:53 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.11) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via serialization of DollarBlend
    - debian/patches/CVE-2025-27830.patch: fix potential Buffer overflow
      in base/write_t1.c, psi/zfapi.c.
    - CVE-2025-27830
  * SECURITY UPDATE: Text buffer overflow with long characters
    - debian/patches/CVE-2025-27831-pre1.patch: fix decode_glyph for
      Unicode in devices/vector/doc_common.c.
    - debian/patches/CVE-2025-27831.patch: prevent Unicode decoding overrun
      in devices/vector/doc_common.c.
    - CVE-2025-27831
  * SECURITY UPDATE: Compression buffer overflow
    - debian/patches/CVE-2025-27832.patch: avoid integer overflow leading
      to buffer overflow in contrib/japanese/gdevnpdl.c.
    - CVE-2025-27832
  * SECURITY UPDATE: Buffer overflow caused by an oversized Type 4 function
    - debian/patches/CVE-2025-27834.patch: guard against unsigned int
      overflow in pdf/pdf_func.c.
    - CVE-2025-27834
  * SECURITY UPDATE: Buffer overflow when converting glyphs to unicode
    - debian/patches/CVE-2025-27835.patch: fix confusion between bytes and
      shorts in psi/zbfont.c.
    - CVE-2025-27835
  * SECURITY UPDATE: Print buffer overflow
    - debian/patches/CVE-2025-27836-1.patch: fix potential print buffer
      overflow in contrib/japanese/gdev10v.c.
    - debian/patches/CVE-2025-27836-2.patch: fix compiler warnings in
      contrib/japanese/gdev10v.c.
    - CVE-2025-27836

 -- Marc Deslauriers <email address hidden> Tue, 25 Mar 2025 14:57:48 -0400
Source diff to previous version
CVE-2025-27830 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write
CVE-2025-27831 An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to device
CVE-2025-27832 An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
CVE-2025-27834 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf
CVE-2025-27835 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
CVE-2025-27836 An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.

Version: 9.55.0~dfsg1-0ubuntu5.10 2024-11-12 19:07:08 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.10) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect Pattern Implementation type handling
    - debian/patches/CVE-2024-46951.patch: check the type of the Pattern
      Implementation in psi/zcolor.c.
    - CVE-2024-46951
  * SECURITY UPDATE: Buffer overflow in PDF XRef stream
    - debian/patches/CVE-2024-46952.patch: sanitise W array values in Xref
      streams in pdf/pdf_xref.c.
    - CVE-2024-46952
  * SECURITY UPDATE: output filename overflow
    - debian/patches/CVE-2024-46953.patch: check for overflow validating
      format string for the output file name in base/gsdevice.c.
    - CVE-2024-46953
  * SECURITY UPDATE: Out of bounds read when reading color
    - debian/patches/CVE-2024-46955.patch: check Indexed colour space index
      in psi/zcolor.c.
    - CVE-2024-46955
  * SECURITY UPDATE: incorrect buffer length check
    - debian/patches/CVE-2024-46956.patch: fix length check in psi/zfile.c.
    - CVE-2024-46956

 -- Marc Deslauriers <email address hidden> Wed, 06 Nov 2024 11:57:58 -0500
Source diff to previous version
CVE-2024-46951 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead
CVE-2024-46952 An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (rel
CVE-2024-46953 An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for th
CVE-2024-46955 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color spa
CVE-2024-46956 An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code

Version: 9.55.0~dfsg1-0ubuntu5.9 2024-07-15 15:07:23 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.9) jammy-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name
    - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad
      Filters to overflow the debug buffer in pdf/pdf_file.c.
    - CVE-2024-29506
  * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
    name
    - debian/patches/CVE-2024-29508.patch: review printing of pointers in
      base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
      base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
      devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
      psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
    - debian/patches/CVE-2024-29508-2.patch: remove extra arguments in
      devices/gdevupd.c.
    - CVE-2024-29508
  * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte
    - debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in
      pdf/pdf_sec.c.
    - CVE-2024-29509
  * SECURITY UPDATE: directory traversal issue via OCRLanguage
    - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after
      SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c,
      devices/vector/gdevpdfp.c.
    - debian/patches/CVE-2024-29511-2.patch: original fix was overly
      aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
      devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.
    - debian/libgs9.symbols: mark some symbols as optional.
    - CVE-2024-29511

 -- Marc Deslauriers <email address hidden> Thu, 11 Jul 2024 12:07:09 -0400
CVE-2024-29506 Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
CVE-2024-29508 Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_allo
CVE-2024-29509 Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
CVE-2024-29511 Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing o


About   -   Send Feedback to @ubuntu_updates