SB2025071018 - Ubuntu update for ghostscript




Published: July 10, 2025

Security Bulletin ID: SB2025071018
Severity: High
Patch available: YES
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 78% Medium 11% Low 11%

Description

This security bulletin contains information about 9 security vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2023-39327)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop. A remote attacker can consume all available system resources and cause denial of service conditions.


2) Heap-based buffer overflow (CVE-ID: CVE-2024-29508)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the pdf_base_font_alloc() function. A remote attacker can pass a specially crafted PDF file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Insecure DLL loading (CVE-ID: CVE-2024-33871)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists because the "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. A remote attacker can pass a specially crafted document to the application and execute an arbitrary library on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.


4) Heap-based buffer overflow (CVE-ID: CVE-2024-56826)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


5) Heap-based buffer overflow (CVE-ID: CVE-2024-56827)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the opj_j2k_add_tlmarker() function in src/lib/openjp2/j2k.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


6) Buffer overflow (CVE-ID: CVE-2025-27832)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in contrib/japanese/gdevnpdl.c. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Buffer overflow (CVE-ID: CVE-2025-27835)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in psi/zbfont.c. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


8) Buffer overflow (CVE-ID: CVE-2025-27836)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in contrib/japanese/gdev10v.c. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Cleartext storage of sensitive information (CVE-ID: CVE-2025-48708)

The vulnerability allows a remote attacker to read PDF documents protected with a password.

The vulnerability exists due to an error within the gs_lib_ctx_stash_sanitized_arg() function in base/gslibctx.c caused by incorrect sanitization of arguments for the # case. As a result, a created PDF document includes its password in cleartext.
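One way to check PDFs created before the update for the leak described in item 9, as an added example that is not part of the bulletin or of Ghostscript: it searches a file's raw bytes for the password in plain, PDF-literal-escaped and hex-string forms. The function names and both sample byte strings are constructed for illustration.

```python
import binascii

def _pdf_literal_escape(raw: bytes) -> bytes:
    """Escape bytes as they appear inside a PDF literal string: ( ) and \\."""
    out = bytearray()
    for b in raw:
        if b in b"()\\":
            out.append(0x5C)  # backslash
        out.append(b)
    return bytes(out)

def password_needles(password: str) -> dict:
    """Map each byte form the cleartext password could take to a label."""
    needles = {}
    for codec in ("utf-8", "utf-16-be"):
        raw = password.encode(codec)
        needles.setdefault(raw, codec)
        needles.setdefault(_pdf_literal_escape(raw), codec + " (literal-escaped)")
        needles.setdefault(binascii.hexlify(raw), codec + " (hex)")
    return needles

def find_cleartext_password(pdf_bytes: bytes, password: str) -> list:
    """Return sorted (offset, form) hits for the password in the raw file bytes.
    Only uncompressed bytes are searched; compressed streams are not inflated."""
    if not password:
        raise ValueError("empty password would match everywhere")
    lowered = pdf_bytes.lower()  # hex strings may use either case
    hits = []
    for needle, form in password_needles(password).items():
        haystack = lowered if form.endswith("(hex)") else pdf_bytes
        start = haystack.find(needle)
        while start != -1:
            hits.append((start, form))
            start = haystack.find(needle, start + 1)
    return sorted(hits)

# Constructed samples (not real Ghostscript output): one leaks, one does not.
SAMPLE_LEAKY = (b"%PDF-1.7\n% constructed: pw=hunter(2)\n"
                b"1 0 obj\n<< /Note (hunter\\(2\\)) >>\nendobj\n%%EOF\n")
SAMPLE_CLEAN = b"%PDF-1.7\n% constructed: pw=?\n1 0 obj\n<< >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for name, data in (("leaky", SAMPLE_LEAKY), ("clean", SAMPLE_CLEAN)):
        print(name, find_cleartext_password(data, "hunter(2)"))
```

Any hit means the file should be regenerated with the updated package and the password treated as disclosed.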


Remediation

Install the update from the vendor's website.