| Package | ghostscript |
|---|---|
| Version | 9.26a~dfsg-0+deb8u15 (jessie), 9.26a~dfsg-0+deb9u14 (stretch), 9.27~dfsg-2+deb10u11 (buster) |
| Related CVEs | CVE-2025-27830 CVE-2025-27831 CVE-2025-27832 CVE-2025-27835 CVE-2025-27836 |
Multiple vulnerabilities affected ghostscript an interpreter for PostScript and Portable Document Format (PDF) page description languages.
CVE-2025-27830
Buffer overflow via serialization of DollarBlend
CVE-2025-27831
Unicode decoding overrun
CVE-2025-27832
Integer overflow leading to buffer overflow
CVE-2025-27835
Confusion between bytes and shorts
CVE-2025-27836
Buffer overflow in bj10v device
For Debian 10 buster, these problems have been fixed in version 9.27~dfsg-2+deb10u11.
For Debian 8 jessie, these problems have been fixed in version 9.26a~dfsg-0+deb8u15.
For Debian 9 stretch, these problems have been fixed in version 9.26a~dfsg-0+deb9u14.
We recommend that you upgrade your ghostscript packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.