
Fedora 40: ghostscript critical advisory for buffer overflows

April 10, 2025
Fedora 40's latest update includes vital patches for buffer overflow vulnerabilities in Ghostscript, essential for protecting systems from unauthorized access and code execution risks.

Summary

This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other.

Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description languages. Its primary purpose includes displaying (rasterization & rendering) and printing of document pages, as well as conversions between different document formats.

Update Information:

- CVE-2025-27835 ghostscript: Buffer overflow when converting glyphs to unicode (fedora#2355025)
- CVE-2025-27834 ghostscript: Buffer overflow caused by an oversized Type 4 function in a PDF (fedora#2355023)
- CVE-2025-27832 ghostscript: NPDL device: Compression buffer overflow (fedora#2355021)
- CVE-2025-27836 ghostscript: device: Print buffer overflow (fedora#2355019)
- CVE-2025-27830 ghostscript: Buffer overflow during serialization of DollarBlend in font (fedora#2355015)
- CVE-2025-27833 ghostscript: Buffer overflow with long TTF font name (fedora#2355011)
- CVE-2025-27837 ghostscript: Access to arbitrary files through truncated path with invalid UTF-8 (fedora#2355009)
- CVE-2025-27831 ghostscript: Text buffer overflow with long characters (fedora#2355007)

Change Log

* Fri Mar 28 2025 Zdenek Dohnal - 10.02.1-14
- CVE-2025-27835 ghostscript: Buffer overflow when converting glyphs to unicode (fedora#2355025)
- CVE-2025-27834 ghostscript: Buffer overflow caused by an oversized Type 4 function in a PDF (fedora#2355023)
- CVE-2025-27832 ghostscript: NPDL device: Compression buffer overflow (fedora#2355021)
- CVE-2025-27836 ghostscript: device: Print buffer overflow (fedora#2355019)
- CVE-2025-27830 ghostscript: Buffer overflow during serialization of DollarBlend in font (fedora#2355015)
- CVE-2025-27833 ghostscript: Buffer overflow with long TTF font name (fedora#2355011)
- CVE-2025-27837 ghostscript: Access to arbitrary files through truncated path with invalid UTF-8 (fedora#2355009)
- CVE-2025-27831 ghostscript: Text buffer overflow with long characters (fedora#2355007)

References


[ 1 ] Bug #2354947 - CVE-2025-27835 Ghostscript: Buffer overflow when converting glyphs to unicode
      https://bugzilla.redhat.com/show_bug.cgi?id=2354947
[ 2 ] Bug #2354948 - CVE-2025-27834 Ghostscript: Buffer overflow caused by an oversized Type 4 function in a PDF
      https://bugzilla.redhat.com/show_bug.cgi?id=2354948
[ 3 ] Bug #2354949 - CVE-2025-27832 Ghostscript: NPDL device: Compression buffer overflow
      https://bugzilla.redhat.com/show_bug.cgi?id=2354949
[ 4 ] Bug #2354952 - CVE-2025-27836 Ghostscript: device: Print buffer overflow
      https://bugzilla.redhat.com/show_bug.cgi?id=2354952
[ 5 ] Bug #2354953 - CVE-2025-27830 Ghostscript: Buffer overflow during serialization of DollarBlend in font
      https://bugzilla.redhat.com/show_bug.cgi?id=2354953
[ 6 ] Bug #2354954 - CVE-2025-27833 Ghostscript: Buffer overflow with long TTF font name
      https://bugzilla.redhat.com/show_bug.cgi?id=2354954
[ 7 ] Bug #2354961 - CVE-2025-27...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3a7a29de24' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
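A post-upgrade check, added here as an example and not part of the Fedora advisory: it compares installed ghostscript builds with the fixed build 10.02.1-14.fc40 that this advisory ships. The function names are hypothetical, and `sort -V` is assumed as a stand-in for RPM version ordering, which holds for plain numeric version-release strings like these.

```sh
#!/bin/sh
# Added example: check installed ghostscript builds against the fixed build.
FIXED_VR="10.02.1-14.fc40"   # Version-Release listed in this advisory

# vr_at_least INSTALLED FIXED: succeeds when INSTALLED >= FIXED.
# Assumption: GNU `sort -V` stands in for RPM ordering, which holds for plain
# numeric version-release strings like these (no epoch, tilde or caret).
vr_at_least() {
    [ -n "$1" ] || return 2
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify INSTALLED: prints patched, vulnerable or not-installed.
classify() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif vr_at_least "$1" "$FIXED_VR"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# check_host: report every installed package whose name starts with ghostscript.
check_host() {
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'ghostscript*' |
    while read -r name vr; do
        printf '%-32s %-20s %s\n' "$name" "$vr" "$(classify "$vr")"
    done
}

if [ "${1:-}" = "--host" ]; then
    check_host
else
    # Constructed sample values, not taken from a real system.
    for vr in 10.02.1-13.fc40 10.02.1-14.fc40 10.03.0-1.fc40; do
        printf '%-20s %s\n' "$vr" "$(classify "$vr")"
    done
fi
```

Run it with `--host` on the Fedora 40 system after the upgrade; any line reporting `vulnerable` names a package that is still below the fixed build.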

Severity: critical

Name: ghostscript
Product: Fedora 40
Version: 10.02.1
Release: 14.fc40
Summary: Interpreter for PostScript language & PDF
