
Debian Ghostscript vulnerabilities

168 known vulnerabilities affecting debian/ghostscript.

Total CVEs: 168
CISA KEV: 1 (actively exploited)
Public exploits: 7
Exploited in wild: 2
Severity breakdown: CRITICAL 16, HIGH 59, MEDIUM 65, LOW 28

Vulnerabilities

CVE-2025-27832 | CRITICAL | CVSS 9.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u7 (bookworm) | 2025
CVE-2025-27832 [CRITICAL]: ghostscript - An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u7); bullseye: resolved (fixed in 9.53.3~dfsg-7+deb11u10); forky: resolved (fixed in 10.05.0~dfsg-1); sid: resolved (fixed in 10.05.0~dfsg-1); trixie: resol
debian
CVE-2025-27831 | CRITICAL | CVSS 9.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u7 (bookworm) | 2025
CVE-2025-27831 [CRITICAL]: ghostscript - An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u7); bullseye: resolved (fixed in 9.53.3~dfsg-7+deb11u10); forky: resolved (fixed in 10.05.0~dfsg-1); sid: resolved (fixed in 10.
debian
CVE-2025-27836 | CRITICAL | CVSS 9.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u7 (bookworm) | 2025
CVE-2025-27836 [CRITICAL]: ghostscript - An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u7); bullseye: resolved (fixed in 9.53.3~dfsg-7+deb11u10); forky: resolved (fixed in 10.05.0~dfsg-1); sid: resolved (fixed in 10.05.0~dfsg-1); trixie: resolved (fi
debian
CVE-2025-27834 | HIGH | CVSS 7.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u7 (bookworm) | 2025
CVE-2025-27834 [HIGH]: ghostscript - An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u7); bullseye: resolved; forky: resolved (fixed in 10.05.0~dfsg-1); sid: resolved (fixed in 10.05.0~dfsg-1); trixie: resolved (fixed in 10.05.0~dfsg
debian
CVE-2025-27830 | HIGH | CVSS 7.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u7 (bookworm) | 2025
CVE-2025-27830 [HIGH]: ghostscript - An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u7); bullseye: resolved (fixed in 9.53.3~dfsg-7+deb11u10); forky: resolved (fixed in 10.05.0~dfsg-1); sid: resolved (fixed in 10.05.0
debian
CVE-2025-27833 | HIGH | CVSS 7.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u7 (bookworm) | 2025
CVE-2025-27833 [HIGH]: ghostscript - An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u7); bullseye: resolved; forky: resolved (fixed in 10.05.0~dfsg-1); sid: resolved (fixed in 10.05.0~dfsg-1); trixie: resolved (fixed in 10.05.0~dfsg-1)
debian
CVE-2025-27835 | HIGH | CVSS 7.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u7 (bookworm) | 2025
CVE-2025-27835 [HIGH]: ghostscript - An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u7); bullseye: resolved (fixed in 9.53.3~dfsg-7+deb11u10); forky: resolved (fixed in 10.05.0~dfsg-1); sid: resolved (fixed in 10.05.0~dfsg-1); trixie: resolved (fixed
debian
CVE-2025-59799 | MEDIUM | CVSS 4.3 | fixed in ghostscript 10.0.0~dfsg-11+deb12u8 (bookworm) | 2025
CVE-2025-59799 [MEDIUM]: ghostscript - Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u8); bullseye: resolved (fixed in 9.53.3~dfsg-7+deb11u11); forky: resolved (fixed in 10.06.0~dfsg-1); sid: resolved (fixed in 10.06.0~dfsg-1); trixie: resolve
debian
CVE-2025-7462 | MEDIUM | CVSS 5.3 | fixed in ghostscript 10.0.0~dfsg-11+deb12u8 (bookworm) | 2025
CVE-2025-7462 [MEDIUM]: ghostscript - A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The
debian
CVE-2025-59798 | MEDIUM | CVSS 4.3 | fixed in ghostscript 10.0.0~dfsg-11+deb12u8 (bookworm) | 2025
CVE-2025-59798 [MEDIUM]: ghostscript - Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u8); bullseye: resolved (fixed in 9.53.3~dfsg-7+deb11u11); forky: resolved (fixed in 10.06.0~dfsg-1); sid: resolved (fixed in 10.06.0~dfsg-1); trixie: resolved (fixed in 10.05.1~dfsg-1+d
debian
CVE-2025-27837 | LOW | CVSS 9.8 | 2025
CVE-2025-27837 [CRITICAL]: ghostscript - An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2025-59801 | LOW | CVSS 4.3 | fixed in ghostscript 10.06.0~dfsg-1 (forky) | 2025
CVE-2025-59801 [MEDIUM]: ghostscript - In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 10.06.0~dfsg-1); sid: resolved (fixed in 10.06.0~dfsg-1); trixie: open
debian
CVE-2025-48708 | LOW | CVSS 4.0 | fixed in ghostscript 10.05.1~dfsg-1 (forky) | 2025
CVE-2025-48708 [MEDIUM]: ghostscript - gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 10.05.1~dfsg-1); sid: resolved (fixed in 10.05.1~dfsg-1); trixie: resolved (fixed in 10.05.1~dfsg-1)
debian
CVE-2025-59800 | LOW | CVSS 4.3 | fixed in ghostscript 10.06.0~dfsg-1 (forky) | 2025
CVE-2025-59800 [MEDIUM]: ghostscript - In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 10.06.0~dfsg-1); sid: resolved (fixed in 10.06.0~dfsg-1); trixie: open
debian
CVE-2025-46646 | LOW | CVSS 7.8 | fixed in ghostscript 10.05.0~dfsg-1 (forky) | 2025
CVE-2025-46646 [HIGH]: ghostscript - In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved (fixed in 10.05.0~dfsg-1); sid: resolved (fixed in 10.05.0~dfsg-1); trixie: resolved (fixed in 10.05.0~dfsg-1)
debian
CVE-2024-46956 | HIGH | CVSS 7.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u6 (bookworm) | 2024
CVE-2024-46956 [HIGH]: ghostscript - An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u6); bullseye: resolved (fixed in 9.53.3~dfsg-7+deb11u9); forky: resolved (fixed in 10.04.0~dfsg-1); sid: resolved (fixed in 10.04.0~dfsg-1); trix
debian
CVE-2024-33871 | HIGH | CVSS 8.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u4 (bookworm) | 2024
CVE-2024-33871 [HIGH]: ghostscript - An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
Scope: local. bookworm
debian
CVE-2024-46952 | HIGH | CVSS 7.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u6 (bookworm) | 2024
CVE-2024-46952 [HIGH]: ghostscript - An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u6); bullseye: resolved; forky: resolved (fixed in 10.04.0~dfsg-1); sid: resolved (fixed in 10.04.0~dfsg-1); trixie: resolved (fixed
debian
CVE-2024-46951 | HIGH | CVSS 7.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u6 (bookworm) | 2024
CVE-2024-46951 [HIGH]: ghostscript - An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u6); bullseye: resolved (fixed in 9.53.3~dfsg-7+deb11u9); forky: resolved (fixed in 10.04.0~dfsg-1); sid: resolved (fixed in 10
debian
CVE-2024-29509 | HIGH | CVSS 8.8 | fixed in ghostscript 10.0.0~dfsg-11+deb12u5 (bookworm) | 2024
CVE-2024-29509 [HIGH]: ghostscript - Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
Scope: local. bookworm: resolved (fixed in 10.0.0~dfsg-11+deb12u5); bullseye: resolved; forky: resolved (fixed in 10.03.0~dfsg-1); sid: resolved (fixed in 10.03.0~dfsg-1); trixie: resolved (fixed in 10.03.0~dfsg-1)
debian