UbuntuUpdates.org

Package "libgs-dev"

Name: libgs-dev

Description:

interpreter for the PostScript language and for PDF - Development Files
Latest version: 10.02.1~dfsg1-0ubuntu7.6
Release: noble (24.04)
Level: security
Repository: main
Head package: ghostscript
Homepage: https://www.ghostscript.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libgs-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libgs-dev" in Noble

Repository Area Version
base main 10.02.1~dfsg1-0ubuntu7
updates main 10.02.1~dfsg1-0ubuntu7.6

Changelog

Version: 10.02.1~dfsg1-0ubuntu7.6 2025-05-01 15:07:13 UTC

  ghostscript (10.02.1~dfsg1-0ubuntu7.6) noble-security; urgency=medium

  * SECURITY UPDATE: directory escape via overlong encodings
    - debian/patches/CVE-2025-46646.patch: handle another set of sequences
      in base/gp_utf8.c.
    - CVE-2025-46646

 -- Marc Deslauriers <email address hidden> Wed, 30 Apr 2025 09:26:37 -0400
Source diff to previous version
CVE-2025-46646 In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomp

Version: 10.02.1~dfsg1-0ubuntu7.5 2025-03-27 16:06:55 UTC

  ghostscript (10.02.1~dfsg1-0ubuntu7.5) noble-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via serialization of DollarBlend
    - debian/patches/CVE-2025-27830.patch: fix potential Buffer overflow
      in base/write_t1.c, psi/zfapi.c.
    - CVE-2025-27830
  * SECURITY UPDATE: Text buffer overflow with long characters
    - debian/patches/CVE-2025-27831.patch: prevent Unicode decoding overrun
      in devices/vector/doc_common.c.
    - CVE-2025-27831
  * SECURITY UPDATE: Compression buffer overflow
    - debian/patches/CVE-2025-27832.patch: avoid integer overflow leading
      to buffer overflow in contrib/japanese/gdevnpdl.c.
    - CVE-2025-27832
  * SECURITY UPDATE: Buffer overflow with long TTF font name
    - debian/patches/CVE-2025-27833.patch: check TTF name size before
      copying to buffer in pdf/pdf_fmap.c.
    - CVE-2025-27833
  * SECURITY UPDATE: Buffer overflow caused by an oversized Type 4 function
    - debian/patches/CVE-2025-27834.patch: guard against unsigned int
      overflow in pdf/pdf_func.c.
    - CVE-2025-27834
  * SECURITY UPDATE: Buffer overflow when converting glyphs to unicode
    - debian/patches/CVE-2025-27835.patch: fix confusion between bytes and
      shorts in psi/zbfont.c.
    - CVE-2025-27835
  * SECURITY UPDATE: Print buffer overflow
    - debian/patches/CVE-2025-27836-1.patch: fix potential print buffer
      overflow in contrib/japanese/gdev10v.c.
    - debian/patches/CVE-2025-27836-2.patch: fix compiler warnings in
      contrib/japanese/gdev10v.c.
    - CVE-2025-27836

 -- Marc Deslauriers <email address hidden> Tue, 25 Mar 2025 13:42:18 -0400
Source diff to previous version
CVE-2025-27830 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write
CVE-2025-27831 An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to device
CVE-2025-27832 An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
CVE-2025-27833 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.
CVE-2025-27834 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf
CVE-2025-27835 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
CVE-2025-27836 An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.

Version: 10.02.1~dfsg1-0ubuntu7.4 2024-11-12 19:07:08 UTC

  ghostscript (10.02.1~dfsg1-0ubuntu7.4) noble-security; urgency=medium

  * SECURITY UPDATE: incorrect Pattern Implementation type handling
    - debian/patches/CVE-2024-46951.patch: check the type of the Pattern
      Implementation in psi/zcolor.c.
    - CVE-2024-46951
  * SECURITY UPDATE: Buffer overflow in PDF XRef stream
    - debian/patches/CVE-2024-46952.patch: sanitise W array values in Xref
      streams in pdf/pdf_xref.c.
    - CVE-2024-46952
  * SECURITY UPDATE: output filename overflow
    - debian/patches/CVE-2024-46953.patch: check for overflow validating
      format string for the output file name in base/gsdevice.c.
    - CVE-2024-46953
  * SECURITY UPDATE: directory escape via overlong encodings
    - debian/patches/CVE-2024-46954.patch: fix decode_utf8 to forbid
      overlong encodings in base/gp_utf8.c.
    - CVE-2024-46954
  * SECURITY UPDATE: Out of bounds read when reading color
    - debian/patches/CVE-2024-46955.patch: check Indexed colour space index
      in psi/zcolor.c.
    - CVE-2024-46955
  * SECURITY UPDATE: incorrect buffer length check
    - debian/patches/CVE-2024-46956.patch: fix length check in psi/zfile.c.
    - CVE-2024-46956

 -- Marc Deslauriers <email address hidden> Wed, 06 Nov 2024 11:35:01 -0500
Source diff to previous version
CVE-2024-46951 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead
CVE-2024-46952 An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (rel
CVE-2024-46953 An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for th
CVE-2024-46954 An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directo
CVE-2024-46955 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color spa
CVE-2024-46956 An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code

Version: 10.02.1~dfsg1-0ubuntu7.3 2024-07-15 15:07:37 UTC

  ghostscript (10.02.1~dfsg1-0ubuntu7.3) noble-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name
    - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad
      Filters to overflow the debug buffer in pdf/pdf_file.c.
    - CVE-2024-29506
  * SECURITY UPDATE: stack-based buffer overflows
    - debian/patches/CVE-2024-29507.patch: bounds checks when using CIDFont
      related params in pdf/pdf_font.c, pdf/pdf_warnings.h.
    - CVE-2024-29507
  * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
    name
    - debian/patches/CVE-2024-29508.patch: review printing of pointers in
      base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
      base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
      devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
      psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
    - debian/patches/CVE-2024-29508-2.patch: fix compiler warning in
      optimised build in base/gsicc_cache.c.
    - debian/patches/CVE-2024-29508-3.patch: remove extra arguments in
      devices/gdevupd.c.
    - CVE-2024-29508
  * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte
    - debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in
      pdf/pdf_sec.c.
    - CVE-2024-29509
  * SECURITY UPDATE: directory traversal issue via OCRLanguage
    - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after
      SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c,
      devices/vector/gdevpdfp.c.
    - debian/patches/CVE-2024-29511-2.patch: original fix was overly
      aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
      devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.
    - CVE-2024-29511

 -- Marc Deslauriers <email address hidden> Thu, 11 Jul 2024 12:07:09 -0400
Source diff to previous version
CVE-2024-29506 Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
CVE-2024-29507 Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
CVE-2024-29508 Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_allo
CVE-2024-29509 Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
CVE-2024-29511 Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing o

Version: 10.02.1~dfsg1-0ubuntu7.1 2024-06-17 20:07:27 UTC

  ghostscript (10.02.1~dfsg1-0ubuntu7.1) noble-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution via uniprint device
    - debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device
      argument strings after SAFER is activated in gdevupd.c.
    - CVE-2024-29510
  * SECURITY UPDATE: Path traversal and arbitrary code execution via improperly
    checked path arguments
    - debian/patches/CVE-2024-33869-part1.patch: Check that a current working
      directory specifier is valid before stripping it from gpmisc.c.
    - debian/patches/CVE-2024-33869-part2.patch: Check that a current working
      directory specifier is valid before stripping it from gpmisc.c.
    - CVE-2024-33869
  * SECURITY UPDATE: Path traversal via improperly checked path arguments
    - debian/patches/CVE-2024-33870.patch: Add a check for parent directory
      prefixes when handling relative paths in gpmisc.c.
    - CVE-2024-33870
  * SECURITY UPDATE: Arbitrary code execution via custom driver library
    - debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that
      specifies the names of dynamic libraries to be loaded by the opvp/oprp
      device in gdevopvp.c
    - CVE-2024-33871

 -- Chris Kim <email address hidden> Wed, 05 Jun 2024 10:32:38 -0700


About   -   Send Feedback to @ubuntu_updates