USN-7378-1
- Source
- https://ubuntu.com/security/notices/USN-7378-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7378-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7378-1
- Upstream
- Related
- Published
- 2025-03-27T12:00:37.642553Z
- Modified
- 2025-10-13T04:40:32Z
- Summary
- ghostscript vulnerabilities
- Details
-
It was discovered that Ghostscript incorrectly serialized DollarBlend in certain fonts. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-27830)
It was discovered that Ghostscript incorrectly handled the DOCXWRITE TXTWRITE device. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2025-27831)
It was discovered that Ghostscript incorrectly handled the NPDL device. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-27832)
It was discovered that Ghostscript incorrectly handled certain long TTF file names. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-27833)
It was discovered that Ghostscript incorrectly handled oversized Type 4 functions in certain PDF documents. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2025-27834)
It was discovered that Ghostscript incorrectly handled converting certain glyphs to Unicode. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-27835)
It was discovered that Ghostscript incorrectly handled the BJ10V device. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-27836)
- References
-
- https://ubuntu.com/security/notices/USN-7378-1
- https://ubuntu.com/security/CVE-2025-27830
- https://ubuntu.com/security/CVE-2025-27831
- https://ubuntu.com/security/CVE-2025-27832
- https://ubuntu.com/security/CVE-2025-27833
- https://ubuntu.com/security/CVE-2025-27834
- https://ubuntu.com/security/CVE-2025-27835
- https://ubuntu.com/security/CVE-2025-27836
Affected packages
Ubuntu:20.04:LTS / ghostscript
Package
- Name
- ghostscript
- Purl
- pkg:deb/ubuntu/ghostscript@9.50~dfsg-5ubuntu4.15?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.50~dfsg-5ubuntu4.15
Affected versions
9.*
Ecosystem specific
{
"binaries": [
{
"binary_name": "ghostscript",
"binary_version": "9.50~dfsg-5ubuntu4.15"
},
{
"binary_name": "ghostscript-x",
"binary_version": "9.50~dfsg-5ubuntu4.15"
},
{
"binary_name": "libgs-dev",
"binary_version": "9.50~dfsg-5ubuntu4.15"
},
{
"binary_name": "libgs9",
"binary_version": "9.50~dfsg-5ubuntu4.15"
},
{
"binary_name": "libgs9-common",
"binary_version": "9.50~dfsg-5ubuntu4.15"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:20.04:LTS",
"cves": [
{
"id": "CVE-2025-27830",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27832",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27835",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27836",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:22.04:LTS / ghostscript
Package
- Name
- ghostscript
- Purl
- pkg:deb/ubuntu/ghostscript@9.55.0~dfsg1-0ubuntu5.11?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.55.0~dfsg1-0ubuntu5.11
Affected versions
9.*
Ecosystem specific
{
"binaries": [
{
"binary_name": "ghostscript",
"binary_version": "9.55.0~dfsg1-0ubuntu5.11"
},
{
"binary_name": "ghostscript-x",
"binary_version": "9.55.0~dfsg1-0ubuntu5.11"
},
{
"binary_name": "libgs-dev",
"binary_version": "9.55.0~dfsg1-0ubuntu5.11"
},
{
"binary_name": "libgs9",
"binary_version": "9.55.0~dfsg1-0ubuntu5.11"
},
{
"binary_name": "libgs9-common",
"binary_version": "9.55.0~dfsg1-0ubuntu5.11"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2025-27830",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27831",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27832",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27834",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27835",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27836",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:24.04:LTS / ghostscript
Package
- Name
- ghostscript
- Purl
- pkg:deb/ubuntu/ghostscript@10.02.1~dfsg1-0ubuntu7.5?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.02.1~dfsg1-0ubuntu7.5
Affected versions
10.*
Ecosystem specific
{
"binaries": [
{
"binary_name": "ghostscript",
"binary_version": "10.02.1~dfsg1-0ubuntu7.5"
},
{
"binary_name": "libgs-common",
"binary_version": "10.02.1~dfsg1-0ubuntu7.5"
},
{
"binary_name": "libgs-dev",
"binary_version": "10.02.1~dfsg1-0ubuntu7.5"
},
{
"binary_name": "libgs10",
"binary_version": "10.02.1~dfsg1-0ubuntu7.5"
},
{
"binary_name": "libgs10-common",
"binary_version": "10.02.1~dfsg1-0ubuntu7.5"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:24.04:LTS",
"cves": [
{
"id": "CVE-2025-27830",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27831",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27832",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27833",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27834",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27835",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-27836",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}