Packages
- ghostscript - PostScript and PDF interpreter
Details
It was discovered that OpenJPEG, vendored in Ghostscript did not correctly
handle large image files. If a user or system were tricked into opening a
specially crafted file, an attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu
18.04 LTS. (CVE-2023-39327) Thomas Rinsma discovered that Ghostscript did
not correctly handle printing certain variables. An attacker could possibly
use this issue to leak sensitive information. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-29508) It was discovered
that Ghostscript did not correctly handle loading certain libraries. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS. (CVE-2024-33871) It was discovered
that Ghostscript did...
It was discovered that OpenJPEG, vendored in Ghostscript did not correctly
handle large image files. If a user or system were tricked into opening a
specially crafted file, an attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu
18.04 LTS. (CVE-2023-39327) Thomas Rinsma discovered that Ghostscript did
not correctly handle printing certain variables. An attacker could possibly
use this issue to leak sensitive information. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-29508) It was discovered
that Ghostscript did not correctly handle loading certain libraries. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS. (CVE-2024-33871) It was discovered
that Ghostscript did not correctly handle certain memory operations. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-56826,
CVE-2024-56827, CVE-2025-27832, CVE-2025-27835, CVE-2025-27836) Vasileios
Flengas discovered that Ghostscript did not correctly handle argument
sanitization. An attacker could possibly use this issue to leak sensitive
information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS, Ubuntu 24.10 and Ubuntu 25.04. (CVE-2025-48708)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 25.04 plucky | ghostscript – 10.05.0dfsg1-0ubuntu1.1 | ||
| libgs10 – 10.05.0dfsg1-0ubuntu1.1 | |||
| 24.10 oracular | ghostscript – 10.03.1~dfsg1-0ubuntu2.4 | ||
| libgs10 – 10.03.1~dfsg1-0ubuntu2.4 | |||
| 24.04 noble | ghostscript – 10.02.1~dfsg1-0ubuntu7.7 | ||
| libgs10 – 10.02.1~dfsg1-0ubuntu7.7 | |||
| 22.04 jammy | ghostscript – 9.55.0~dfsg1-0ubuntu5.12 | ||
| ghostscript-x – 9.55.0~dfsg1-0ubuntu5.12 | |||
| libgs9 – 9.55.0~dfsg1-0ubuntu5.12 | |||
| 20.04 focal | libgs9 – 9.50~dfsg-5ubuntu4.15+esm1 | ||
| 18.04 bionic | ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 | ||
| ghostscript-x – 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 | |||
| libgs-dev – 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 | |||
| libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 | |||
| libgs9-common – 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 | |||
| 16.04 xenial | ghostscript – 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 | ||
| ghostscript-x – 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 | |||
| libgs-dev – 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 | |||
| libgs9 – 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 | |||
| libgs9-common – 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.