Package "libgs-common"
| Name: |
libgs-common
|
Description: |
interpreter for the PostScript language and for PDF - ICC profiles
|
| Latest version: |
10.02.1~dfsg1-0ubuntu7.8 |
| Release: |
noble (24.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
ghostscript |
| Homepage: |
https://www.ghostscript.com/ |
Links
Download "libgs-common"
Other versions of "libgs-common" in Noble
Changelog
|
ghostscript (10.02.1~dfsg1-0ubuntu7.8) noble-security; urgency=medium
* SECURITY UPDATE: null pointer deref on file write failure
- debian/patches/CVE-2025-7462.patch: catch a null file pointer closing
pdfwrite in devices/vector/gdevpdf.c.
- CVE-2025-7462
* SECURITY UPDATE: stack overflow in pdf_write_cmap
- debian/patches/CVE-2025-59798.patch: use dynamically allocated buffer
and check return codes in devices/vector/gdevpdtw.c.
- CVE-2025-59798
* SECURITY UPDATE: stack overflow in pdfmark_coerce_dest
- debian/patches/CVE-2025-59799.patch: bounds check some strings in
devices/vector/gdevpdfm.c.
- CVE-2025-59799
* SECURITY UPDATE: heap overflow in ocr_begin_page
- debian/patches/CVE-2025-59800.patch: fix int overflow in
devices/gdevpdfocr.c.
- CVE-2025-59800
-- Marc Deslauriers <email address hidden> Thu, 25 Sep 2025 12:37:20 -0400
|
| Source diff to previous version |
| CVE-2025-7462 |
A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the |
| CVE-2025-59798 |
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. |
| CVE-2025-59799 |
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. |
| CVE-2025-59800 |
In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in |
|
|
ghostscript (10.02.1~dfsg1-0ubuntu7.7) noble-security; urgency=medium
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2025-48708.patch: Argument sanitization handle
'#' as per '='
- CVE-2025-48708
-- Bruce Cable <email address hidden> Thu, 03 Jul 2025 15:29:52 +1000
|
| Source diff to previous version |
| CVE-2025-48708 |
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF doc |
|
|
ghostscript (10.02.1~dfsg1-0ubuntu7.6) noble-security; urgency=medium
* SECURITY UPDATE: directory escape via overlong encodings
- debian/patches/CVE-2025-46646.patch: handle another set of sequences
in base/gp_utf8.c.
- CVE-2025-46646
-- Marc Deslauriers <email address hidden> Wed, 30 Apr 2025 09:26:37 -0400
|
| Source diff to previous version |
| CVE-2025-46646 |
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomp |
|
|
ghostscript (10.02.1~dfsg1-0ubuntu7.5) noble-security; urgency=medium
* SECURITY UPDATE: Buffer overflow via serialization of DollarBlend
- debian/patches/CVE-2025-27830.patch: fix potential Buffer overflow
in base/write_t1.c, psi/zfapi.c.
- CVE-2025-27830
* SECURITY UPDATE: Text buffer overflow with long characters
- debian/patches/CVE-2025-27831.patch: prevent Unicode decoding overrun
in devices/vector/doc_common.c.
- CVE-2025-27831
* SECURITY UPDATE: Compression buffer overflow
- debian/patches/CVE-2025-27832.patch: avoid integer overflow leading
to buffer overflow in contrib/japanese/gdevnpdl.c.
- CVE-2025-27832
* SECURITY UPDATE: Buffer overflow with long TTF font name
- debian/patches/CVE-2025-27833.patch: check TTF name size before
copying to buffer in pdf/pdf_fmap.c.
- CVE-2025-27833
* SECURITY UPDATE: Buffer overflow caused by an oversized Type 4 function
- debian/patches/CVE-2025-27834.patch: guard against unsigned int
overflow in pdf/pdf_func.c.
- CVE-2025-27834
* SECURITY UPDATE: Buffer overflow when converting glyphs to unicode
- debian/patches/CVE-2025-27835.patch: fix confusion between bytes and
shorts in psi/zbfont.c.
- CVE-2025-27835
* SECURITY UPDATE: Print buffer overflow
- debian/patches/CVE-2025-27836-1.patch: fix potential print buffer
overflow in contrib/japanese/gdev10v.c.
- debian/patches/CVE-2025-27836-2.patch: fix compiler warnings in
contrib/japanese/gdev10v.c.
- CVE-2025-27836
-- Marc Deslauriers <email address hidden> Tue, 25 Mar 2025 13:42:18 -0400
|
| Source diff to previous version |
| CVE-2025-27830 |
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write |
| CVE-2025-27831 |
An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to device |
| CVE-2025-27832 |
An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. |
| CVE-2025-27833 |
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. |
| CVE-2025-27834 |
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf |
| CVE-2025-27835 |
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. |
| CVE-2025-27836 |
An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. |
|
|
ghostscript (10.02.1~dfsg1-0ubuntu7.4) noble-security; urgency=medium
* SECURITY UPDATE: incorrect Pattern Implementation type handling
- debian/patches/CVE-2024-46951.patch: check the type of the Pattern
Implementation in psi/zcolor.c.
- CVE-2024-46951
* SECURITY UPDATE: Buffer overflow in PDF XRef stream
- debian/patches/CVE-2024-46952.patch: sanitise W array values in Xref
streams in pdf/pdf_xref.c.
- CVE-2024-46952
* SECURITY UPDATE: output filename overflow
- debian/patches/CVE-2024-46953.patch: check for overflow validating
format string for the output file name in base/gsdevice.c.
- CVE-2024-46953
* SECURITY UPDATE: directory escape via overlong encodings
- debian/patches/CVE-2024-46954.patch: fix decode_utf8 to forbid
overlong encodings in base/gp_utf8.c.
- CVE-2024-46954
* SECURITY UPDATE: Out of bounds read when reading color
- debian/patches/CVE-2024-46955.patch: check Indexed colour space index
in psi/zcolor.c.
- CVE-2024-46955
* SECURITY UPDATE: incorrect buffer length check
- debian/patches/CVE-2024-46956.patch: fix length check in psi/zfile.c.
- CVE-2024-46956
-- Marc Deslauriers <email address hidden> Wed, 06 Nov 2024 11:35:01 -0500
|
| CVE-2024-46951 |
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead |
| CVE-2024-46952 |
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (rel |
| CVE-2024-46953 |
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for th |
| CVE-2024-46954 |
An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directo |
| CVE-2024-46955 |
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color spa |
| CVE-2024-46956 |
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code |
|
About
-
Send Feedback to @ubuntu_updates
