Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 7378-1: Ghostscript Security Advisory Updates

ubuntu
Calendar Grey March 27, 2025
Dist Ubuntu Esm H88
Ubuntu announces critical Ghostscript updates addressing multiple denial of service vulnerabilities affecting various releases.
Several security issues were fixed in Ghostscript.

Summary

Several security issues were fixed in Ghostscript.

Software Description:

- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript incorrectly serialized DollarBlend in

certain fonts. An attacker could use this issue to cause Ghostscript to

crash, resulting in a denial of service, or possibly execute arbitrary

code. (CVE-2025-27830)

It was discovered that Ghostscript incorrectly handled the DOCXWRITE

TXTWRITE device. An attacker could use this issue to cause Ghostscript to

crash, resulting in a denial of service, or possibly execute arbitrary

code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and

Ubuntu 24.10. (CVE-2025-27831)

It was discovered that Ghostscript incorrectly handled the NPDL device. An

attacker could use this issue to cause Ghostscript to crash, resulting in a

denial of service, or possibly execute arbitrary code. (CVE-2025-27832)

It was discovered that Ghostscript incorrectly handled certai...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   ghostscript                     10.03.1~dfsg1-0ubuntu2.2
   libgs10                         10.03.1~dfsg1-0ubuntu2.2

Ubuntu 24.04 LTS
   ghostscript                     10.02.1~dfsg1-0ubuntu7.5
   libgs10                         10.02.1~dfsg1-0ubuntu7.5

Ubuntu 22.04 LTS
   ghostscript                     9.55.0~dfsg1-0ubuntu5.11
   libgs9                          9.55.0~dfsg1-0ubuntu5.11

Ubuntu 20.04 LTS
   ghostscript                     9.50~dfsg-5ubuntu4.15
   libgs9                          9.50~dfsg-5ubuntu4.15

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7378-1

CVE-2025-27830, CVE-2025-27831, CVE-2025-27832, CVE-2025-27833,

CVE-2025-27834, CVE-2025-27835, CVE-2025-27836

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7378-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here