[DLA 4118-1] ghostscript security update
[SECURITY] [DLA 4118-1] ghostscript security update
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4118-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
April 07, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : ghostscript
Version : 9.53.3~dfsg-7+deb11u10
CVE ID : CVE-2025-27830 CVE-2025-27831 CVE-2025-27832 CVE-2025-27835
CVE-2025-27836
Multiple vulnerabilities have been fixed in the PostScript/PDF
interpreter Ghostscript.
CVE-2025-27830
Buffer overflow via serialization of DollarBlend
CVE-2025-27831
Unicode decoding overrun
CVE-2025-27832
Integer overflow leading to buffer overflow
CVE-2025-27835
Confusion between bytes and shorts
CVE-2025-27836
Buffer overflow in bj10v device
For Debian 11 bullseye, these problems have been fixed in version
9.53.3~dfsg-7+deb11u10.
We recommend that you upgrade your ghostscript packages.
For the detailed security status of ghostscript please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
