========================================================================== Ubuntu Security Notice USN-7623-1 July 08, 2025 ghostscript vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Ghostscript. Software Description: - ghostscript: PostScript and PDF interpreter Details: It was discovered that OpenJPEG, vendored in Ghostscript did not correctly handle large image files. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-39327) Thomas Rinsma discovered that Ghostscript did not correctly handle printing certain variables. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-29508) It was discovered that Ghostscript did not correctly handle loading certain libraries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2024-33871) It was discovered that Ghostscript did not correctly handle certain memory operations. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-56826, CVE-2024-56827, CVE-2025-27832, CVE-2025-27835, CVE-2025-27836) Vasileios Flengas discovered that Ghostscript did not correctly handle argument sanitization. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10 and Ubuntu 25.04. (CVE-2025-48708) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 ghostscript 10.05.0dfsg1-0ubuntu1.1 libgs10 10.05.0dfsg1-0ubuntu1.1 Ubuntu 24.10 ghostscript 10.03.1~dfsg1-0ubuntu2.4 libgs10 10.03.1~dfsg1-0ubuntu2.4 Ubuntu 24.04 LTS ghostscript 10.02.1~dfsg1-0ubuntu7.7 libgs10 10.02.1~dfsg1-0ubuntu7.7 Ubuntu 22.04 LTS ghostscript 9.55.0~dfsg1-0ubuntu5.12 ghostscript-x 9.55.0~dfsg1-0ubuntu5.12 libgs9 9.55.0~dfsg1-0ubuntu5.12 Ubuntu 20.04 LTS libgs9 9.50~dfsg-5ubuntu4.15+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS ghostscript 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 Available with Ubuntu Pro ghostscript-x 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 Available with Ubuntu Pro libgs-dev 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 Available with Ubuntu Pro libgs9 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 Available with Ubuntu Pro libgs9-common 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 Available with Ubuntu Pro Ubuntu 16.04 LTS ghostscript 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 Available with Ubuntu Pro ghostscript-x 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 Available with Ubuntu Pro libgs-dev 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 Available with Ubuntu Pro libgs9 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 Available with Ubuntu Pro libgs9-common 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7623-1 CVE-2023-39327, CVE-2024-29508, CVE-2024-56826, CVE-2024-56827, CVE-2025-27832, CVE-2025-27835, CVE-2025-27836, CVE-2025-48708 Package Information: https://launchpad.net/ubuntu/+source/ghostscript/10.05.0dfsg1-0ubuntu1.1 https://launchpad.net/ubuntu/+source/ghostscript/10.03.1~dfsg1-0ubuntu2.4 https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.7 https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.12