UbuntuUpdates.org

Package "libgs10-common"

Name: libgs10-common

Description:

interpreter for the PostScript language and for PDF - common files

Latest version: 10.05.0dfsg1-0ubuntu1.2
Release: plucky (25.04)
Level: security
Repository: main
Head package: ghostscript
Homepage: https://www.ghostscript.com/

Links


Download "libgs10-common"


Other versions of "libgs10-common" in Plucky

Repository Area Version
base main 10.05.0dfsg1-0ubuntu1
updates main 10.05.0dfsg1-0ubuntu1.2

Changelog

Version: 10.05.0dfsg1-0ubuntu1.2 2025-09-29 15:07:37 UTC

  ghostscript (10.05.0dfsg1-0ubuntu1.2) plucky-security; urgency=medium

  * SECURITY UPDATE: null pointer deref on file write failure
    - debian/patches/CVE-2025-7462.patch: catch a null file pointer closing
      pdfwrite in devices/vector/gdevpdf.c.
    - CVE-2025-7462
  * SECURITY UPDATE: stack overflow in pdf_write_cmap
    - debian/patches/CVE-2025-59798.patch: use dynamically allocated buffer
      and check return codes in devices/vector/gdevpdtw.c.
    - CVE-2025-59798
  * SECURITY UPDATE: stack overflow in pdfmark_coerce_dest
    - debian/patches/CVE-2025-59799.patch: bounds check some strings in
      devices/vector/gdevpdfm.c.
    - CVE-2025-59799
  * SECURITY UPDATE: heap overflow in ocr_begin_page
    - debian/patches/CVE-2025-59800.patch: fix int overflow in
      devices/gdevpdfocr.c.
    - CVE-2025-59800

 -- Marc Deslauriers <email address hidden> Thu, 25 Sep 2025 12:20:58 -0400

Source diff to previous version
CVE-2025-7462 A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the
CVE-2025-59798 Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
CVE-2025-59799 Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
CVE-2025-59800 In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in

Version: 10.05.0dfsg1-0ubuntu1.1 2025-07-08 06:06:57 UTC

  ghostscript (10.05.0dfsg1-0ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Information Leak
    - debian/patches/CVE-2025-48708.patch: Argument sanitization handle
      '#' as per '='
    - CVE-2025-48708

 -- Bruce Cable <email address hidden> Thu, 03 Jul 2025 15:36:55 +1000

CVE-2025-48708 gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF doc



About   -   Send Feedback to @ubuntu_updates