ghostscript (9.55.0~dfsg1-0ubuntu5.12) jammy-security; urgency=medium

  * SECURITY UPDATE: Information Leak
    - debian/patches/CVE-2025-48708.patch: Argument sanitization handle '#'
      as per '='
    - CVE-2025-48708

 -- Bruce Cable <bruce.cable@canonical.com>  Thu, 03 Jul 2025 15:29:51 +1000

ghostscript (9.55.0~dfsg1-0ubuntu5.11) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via serialization of DollarBlend
    - debian/patches/CVE-2025-27830.patch: fix potential Buffer overflow in
      base/write_t1.c, psi/zfapi.c.
    - CVE-2025-27830
  * SECURITY UPDATE: Text buffer overflow with long characters
    - debian/patches/CVE-2025-27831-pre1.patch: fix decode_glyph for Unicode
      in devices/vector/doc_common.c.
    - debian/patches/CVE-2025-27831.patch: prevent Unicode decoding overrun
      in devices/vector/doc_common.c.
    - CVE-2025-27831
  * SECURITY UPDATE: Compression buffer overflow
    - debian/patches/CVE-2025-27832.patch: avoid integer overflow leading to
      buffer overflow in contrib/japanese/gdevnpdl.c.
    - CVE-2025-27832
  * SECURITY UPDATE: Buffer overflow caused by an oversized Type 4 function
    - debian/patches/CVE-2025-27834.patch: guard against unsigned int
      overflow in pdf/pdf_func.c.
    - CVE-2025-27834
  * SECURITY UPDATE: Buffer overflow when converting glyphs to unicode
    - debian/patches/CVE-2025-27835.patch: fix confusion between bytes and
      shorts in psi/zbfont.c.
    - CVE-2025-27835
  * SECURITY UPDATE: Print buffer overflow
    - debian/patches/CVE-2025-27836-1.patch: fix potential print buffer
      overflow in contrib/japanese/gdev10v.c.
    - debian/patches/CVE-2025-27836-2.patch: fix compiler warnings in
      contrib/japanese/gdev10v.c.
    - CVE-2025-27836

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 25 Mar 2025 14:57:48 -0400

ghostscript (9.55.0~dfsg1-0ubuntu5.10) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect Pattern Implementation type handling
    - debian/patches/CVE-2024-46951.patch: check the type of the Pattern
      Implementation in psi/zcolor.c.
    - CVE-2024-46951
  * SECURITY UPDATE: Buffer overflow in PDF XRef stream
    - debian/patches/CVE-2024-46952.patch: sanitise W array values in Xref
      streams in pdf/pdf_xref.c.
    - CVE-2024-46952
  * SECURITY UPDATE: output filename overflow
    - debian/patches/CVE-2024-46953.patch: check for overflow validating
      format string for the output file name in base/gsdevice.c.
    - CVE-2024-46953
  * SECURITY UPDATE: Out of bounds read when reading color
    - debian/patches/CVE-2024-46955.patch: check Indexed colour space index
      in psi/zcolor.c.
    - CVE-2024-46955
  * SECURITY UPDATE: incorrect buffer length check
    - debian/patches/CVE-2024-46956.patch: fix length check in psi/zfile.c.
    - CVE-2024-46956

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 06 Nov 2024 11:57:58 -0500

ghostscript (9.55.0~dfsg1-0ubuntu5.9) jammy-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name
    - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad
      Filters to overflow the debug buffer in pdf/pdf_file.c.
    - CVE-2024-29506
  * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
    name
    - debian/patches/CVE-2024-29508.patch: review printing of pointers in
      base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
      base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
      devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
      psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
    - debian/patches/CVE-2024-29508-2.patch: remove extra arguments in
      devices/gdevupd.c.
    - CVE-2024-29508
  * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte
    - debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in
      pdf/pdf_sec.c.
    - CVE-2024-29509
  * SECURITY UPDATE: directory traversal issue via OCRLanguage
    - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after
      SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c,
      devices/vector/gdevpdfp.c.
    - debian/patches/CVE-2024-29511-2.patch: original fix was overly
      aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
      devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.
    - debian/libgs9.symbols: mark some symbols as optional.
    - CVE-2024-29511

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 11 Jul 2024 12:07:09 -0400

ghostscript (9.55.0~dfsg1-0ubuntu5.7) jammy-security; urgency=medium

  * SECURITY UPDATE: Policy bypass via improperly checked eexec seed
    - debian/patches/CVE-2023-52722.patch: Prevent eexec seeds other than
      Type 1 standard when SAFER mode is used in zmisc1.c.
    - CVE-2023-52722
  * SECURITY UPDATE: Arbitrary code execution via uniprint device
    - debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint
      device argument strings after SAFER is activated in gdevupd.c.
    - CVE-2024-29510
  * SECURITY UPDATE: Path traversal and arbitrary code execution via
    improperly checked path arguments
    - debian/patches/CVE-2024-33869-part1.patch: Check that a current
      working directory specifier is valid before stripping it from
      gpmisc.c.
    - debian/patches/CVE-2024-33869-part2.patch: Check that a current
      working directory specifier is valid before stripping it from
      gpmisc.c.
    - CVE-2024-33869
  * SECURITY UPDATE: Path traversal via improperly checked path arguments
    - debian/patches/CVE-2024-33870.patch: Add a check for parent directory
      prefixes when handling relative paths in gpmisc.c.
    - CVE-2024-33870
  * SECURITY UPDATE: Arbitrary code execution via custom driver library
    - debian/patches/CVE-2024-33871.patch: Prevent changes to parameter
      that specifies the names of dynamic libraries to be loaded by the
      opvp/oprp device in gdevopvp.c
    - CVE-2024-33871

 -- Chris Kim <chris.kim@canonical.com>  Mon, 03 Jun 2024 21:54:57 -0700

ghostscript (9.55.0~dfsg1-0ubuntu5.6) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via dangling pointer
    - debian/patches/CVE-2023-46751.patch: fix tiffsep(1) requirement for
      seekable output files in base/gdevprn.c, devices/gdevtsep.c.
    - CVE-2023-46751

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 11 Dec 2023 14:25:45 -0500

ghostscript (9.55.0~dfsg1-0ubuntu5.5) jammy-security; urgency=medium

  * SECURITY UPDATE: code execution via PS documents and IJS device
    - debian/patches/CVE-2023-43115.patch: prevent PostScript programs
      switching to the IJS device after SAFER has been activated in
      devices/gdevijs.c.
    - CVE-2023-43115

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 12 Oct 2023 09:02:58 -0400

ghostscript (9.55.0~dfsg1-0ubuntu5.4) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-38559.patch: bounds check the buffer prior to
      dereferencing the pointer in devn_pcx_write_rle() in base/gdevdevn.c.
    - CVE-2023-38559

 -- Allen Huang <allen.huang@canonical.com>  Tue, 15 Aug 2023 11:40:49 +0100

ghostscript (9.55.0~dfsg1-0ubuntu5.3) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect permission validation for pipe devices
    - debian/patches/CVE-2023-36664-1.patch: don't reduce pipe file names
      for permission validation in base/gpmisc.c, base/gslibctx.c.
    - debian/patches/CVE-2023-36664-2.patch: fix logic and add extra test in
      base/gpmisc.c, base/gslibctx.c.
    - CVE-2023-36664

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 05 Jul 2023 12:49:52 -0400

ghostscript (9.55.0~dfsg1-0ubuntu5.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2023-28879.patch: add check to make sure that the
      buffer has space for two characters in s_xBCPE_process() in
      base/sbcp.c.
    - CVE-2023-28879

 -- Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>  Thu, 13 Apr 2023 11:15:40 -0300

# For older changelog entries, run 'apt-get changelog ghostscript-doc'