ghostscript-10.05.0-1.1 on GA media (moderate)

ghostscript-10.05.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14953-1 Rating: moderate Cross-References: CVE-2025-27830 CVE-2025-27831 CVE-2025-27832 CVE-2025-27833 CVE-2025-27834 CVE-2025-27835 CVE-2025-27836 CVE-2025-27837 CVSS scores: CVE-2025-27830 SUSE : 5...

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2025:1118-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1118-1 advisory. - CVE-2025-27831: Fixed text buffer overflow in DOCXWRITE TXTWRITE device via long characters to devices/vector/doccommon.c bsc1240075 -...

Security update for ghostscript

This update for ghostscript fixes the following issues: CVE-2025-27831: Fixed text buffer overflow in DOCXWRITE TXTWRITE device via long characters to devices/vector/doccommon.c bsc1240075 CVE-2025-27832: Fixed compression buffer overflow in NPDL device for contrib/japanese/gdevnpdl.c bsc1240077...

SUSE-SU-2025:1118-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2025-27831: Fixed text buffer overflow in DOCXWRITE TXTWRITE device via long characters to devices/vector/doccommon.c bsc1240075 - CVE-2025-27832: Fixed compression buffer overflow in NPDL device for contrib/japanese/gdevnpdl.c...

The vulnerability of the bj10v_print_page() function in the contrib/japanese/gdev10v.c file of the BJ10V Device component of the software development kit for processing, transforming, and generating Ghostscript documents, allowing a malicious individual to execute arbitrary code or cause a service failure.

The vulnerability of the bj10vprintpage function in the contrib/japanese/gdev10v.c file of the BJ10V Device component of the software development kit for processing, transforming, and generating Ghostscript documents is related to the copying of buffers without checking the size of the input data...

The vulnerability of the contrib/japanese/gdevnpdl.c file, which is part of the NPDL Device software suite for processing, transforming, and generating Ghostscript documents, allows a perpetrator to execute arbitrary code.

The vulnerability of the contrib/japanese/gdevnpdl.c file, which is part of the NPDL Device software suite for processing, transforming, and generating Ghostscript documents, stems from the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an...

The vulnerability of the Type 4 function in the PDF processing, conversion, and generation software for Ghostscript allows a hacker to execute arbitrary code.

The vulnerability of Type 4 function in the software suite for processing, converting, and generating Ghostscript documents is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a speciall...

The vulnerability of the txt_get_unicode() function in the devices/vector/doc_common.c file of the Ghostscript document processing, conversion, and generation software allows a hacker to execute arbitrary code.

The vulnerability of the txtgetunicode function in the devices/vector/doccommon.c file of the Ghostscript document processing, conversion, and generation software set is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an...

The vulnerability of the files base/write_t1.c and psi/zfapi.c, which are components of the DollarBlend software suite for processing, transforming, and generating Ghostscript documents, allows a perpetrator to execute arbitrary code.

The vulnerability in the files base/writet1.c and psi/zfapi.c of the DollarBlend software component, which is part of the software suite for processing, transforming, and generating Ghostscript documents, involves copying buffers without checking the size of the input data. Exploiting this...

OPENSUSE-SU-2025:14953-1 ghostscript-10.05.0-1.1 on GA media

These are all security issues fixed in the ghostscript-10.05.0-1.1 package on the GA media of openSUSE Tumbleweed...

The vulnerability of the gp_open_scratch_file_impl() function in the files base/gp_mswin.c and base/winrtsup.cpp of the Ghostscript processing, conversion, and generation software suite allows a malicious actor to read arbitrary files.

The vulnerability of the gpopenscratchfileimpl function in the base/gpmswin.c and base/winrtsup.cpp files of the Ghostscript processing, conversion, and generation software suite is related to an incorrect path name limitation. Exploiting this vulnerability could allow a remote attacker to read...

The vulnerability of the psi/zbfont.c file in the software suite for processing, transforming, and generating Ghostscript documents allows a perpetrator to execute arbitrary code.

The vulnerability of the psi/zbfont.c file in the software for processing, converting, and generating Ghostscript documents is related to the copying of buffers without checking the size of the input data, as a result of incorrect conversion of glyphs to Unicode. Exploiting this vulnerability can...

Important: ghostscript

Issue Overview: The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.c The calculation of the buffer size was being done with int values, and overflowing that data type. By...

Important: ghostscript

Issue Overview: Buffer overflow in Ghostscript new PDF Interpreter PDFI. CVE-2025-27833 Affected Packages: ghostscript Issue Correction: Run dnf update ghostscript --releasever 2023.7.20250331 or dnf update --advisory ALAS2023-2025-906 --releasever 2023.7.20250331 to update your system. More...

Important: ghostscript

Issue Overview: Potential integer and buffer overflow with DollarBlend during serializing a multiple master font for passing to Freetype. Fixed by changing a variable type from short to unsigned short and checking if a length variable exceeds permitted limit. Fixed in ghostpdl-10.05.0...

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-908)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-908 advisory. Potential integer and buffer overflow with DollarBlend during serializing a multiple master font for passing to Freetype. Fixed by changing a variable type from short to unsigned short and...

Important: ghostscript

Issue Overview: Potential integer and buffer overflow with DollarBlend during serializing a multiple master font for passing to Freetype. Fixed by changing a variable type from short to unsigned short and checking if a length variable exceeds permitted limit. Fixed in ghostpdl-10.05.0...

Important: ghostscript

Issue Overview: The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.c The calculation of the buffer size was being done with int values, and overflowing that data type. By...

Important: ghostscript

Issue Overview: Potential integer and buffer overflow with DollarBlend during serializing a multiple master font for passing to Freetype. Fixed by changing a variable type from short to unsigned short and checking if a length variable exceeds permitted limit. Fixed in ghostpdl-10.05.0...

Important: ghostscript

Issue Overview: Potential integer and buffer overflow with DollarBlend during serializing a multiple master font for passing to Freetype. Fixed by changing a variable type from short to unsigned short and checking if a length variable exceeds permitted limit. Fixed in ghostpdl-10.05.0...