## This update for ghostscript fixes the following issues: Update to version 10.06.0. Security issues fixed: * CVE-2025-59800: an integer overflow can lead to a heap-based buffer overflow in ocr_line8 (bsc#1250355). * CVE-2025-59799: a large size value can cause a stack-based buffer overflow in pdfmark_coerce_dest (bsc#1250354). * CVE-2025-59798: stack-based buffer overflow in pdf_write_cmap can lead to a denial-of-service (bsc#1250353). * CVE-2025-48708: lacks of argument sanitization may lead to password disclosure (bsc#1243701). * CVE-2025-46646: mishandling of overlong utf-8 encoding in artifex ghostscript's decode_utf8 function (bsc#1257699). Other updates and bugfixes: * switch over to libalternatives for ghostscript to provide a gs variant (bsc#1245896) * Version upgrade to 10.06.0:
* bsc#1243701
* bsc#1245896
* bsc#1250353
* bsc#1250354
* bsc#1250355
* bsc#1257699
Cross-
* CVE-2025-46646
* CVE-2025-48708
* CVE-2025-59798
* CVE-2025-59799
* CVE-2025-59800
* CVE-2025-59801
CVSS scores:
* CVE-2025-46646 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-46646 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2025-48708 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-48708 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-48708 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-59798 ( SUSE ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-59798 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Get the latest Linux and open source security news straight to your inbox.