
[SECURITY] [DLA 4330-1] ghostscript security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-4330-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
October 14, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ghostscript
Version        : 9.53.3~dfsg-7+deb11u11
CVE ID         : CVE-2025-7462 CVE-2025-59798 CVE-2025-59799

Multiple vulnerabilities were discovered in ghostscript, an interpreter
for the PostScript language and PDF.

CVE-2025-7462

    A null pointer dereference in the function pdf_ferror in
    devices/vector/gdevpdf.c, part of the component New Output File
    Open Error Handler. It is possible to initiate the attack
    remotely.

CVE-2025-59798

    A stack-based buffer overflow in pdf_write_cmap in
    devices/vector/gdevpdtw.c.

CVE-2025-59799

    A stack-based buffer overflow in pdfmark_coerce_dest in
    devices/vector/gdevpdfm.c via a large size value.

For Debian 11 bullseye, these problems have been fixed in version
9.53.3~dfsg-7+deb11u11.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS