==========================================================================
Ubuntu Security Notice USN-7473-1
May 01, 2025

ghostscript vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Ghostscript could be made to crash, run programs, or read files if it
opened a specially crafted file.

Software Description:
- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript incorrectly handled parsing certain PS
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly bypass file path validation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  ghostscript                     10.03.1~dfsg1-0ubuntu2.3
  libgs10                         10.03.1~dfsg1-0ubuntu2.3

Ubuntu 24.04 LTS
  ghostscript                     10.02.1~dfsg1-0ubuntu7.6
  libgs10                         10.02.1~dfsg1-0ubuntu7.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7473-1
  CVE-2025-46646

Package Information:
  https://launchpad.net/ubuntu/+source/ghostscript/10.03.1~dfsg1-0ubuntu2.3
  https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.6