{"id":"USN-7623-1","summary":"ghostscript vulnerabilities","details":"It was discovered that OpenJPEG, vendored in Ghostscript did not correctly\nhandle large image files. If a user or system were tricked into opening a\nspecially crafted file, an attacker could possibly use this issue to cause\na denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu\n18.04 LTS. (CVE-2023-39327)  Thomas Rinsma discovered that Ghostscript did\nnot correctly handle printing certain variables. An attacker could possibly\nuse this issue to leak sensitive information. This issue only affected\nUbuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-29508)  It was discovered\nthat Ghostscript did not correctly handle loading certain libraries. An\nattacker could possibly use this issue to execute arbitrary code. This\nissue only affected Ubuntu 16.04 LTS. (CVE-2024-33871)  It was discovered\nthat Ghostscript did not correctly handle certain memory operations. An\nattacker could possibly use this issue to execute arbitrary code. This\nissue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-56826,\nCVE-2024-56827, CVE-2025-27832, CVE-2025-27835, CVE-2025-27836)  Vasileios\nFlengas discovered that Ghostscript did not correctly handle argument\nsanitization. An attacker could possibly use this issue to leak sensitive\ninformation. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nUbuntu 24.04 LTS, Ubuntu 24.10 and Ubuntu 25.04. (CVE-2025-48708)","modified":"2026-05-20T16:03:46.543515939Z","published":"2025-07-08T03:48:52Z","related":["UBUNTU-CVE-2023-39327","UBUNTU-CVE-2024-29508","UBUNTU-CVE-2024-56826","UBUNTU-CVE-2024-56827","UBUNTU-CVE-2025-27832","UBUNTU-CVE-2025-27835","UBUNTU-CVE-2025-27836","UBUNTU-CVE-2025-48708"],"upstream":["CVE-2023-39327","CVE-2024-29508","CVE-2024-56826","CVE-2024-56827","CVE-2025-27832","CVE-2025-27835","CVE-2025-27836","CVE-2025-48708","UBUNTU-CVE-2023-39327","UBUNTU-CVE-2024-29508","UBUNTU-CVE-2024-56826","UBUNTU-CVE-2024-56827","UBUNTU-CVE-2025-27832","UBUNTU-CVE-2025-27835","UBUNTU-CVE-2025-27836","UBUNTU-CVE-2025-48708"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7623-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-39327"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-29508"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-56826"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-56827"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-27832"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-27835"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-27836"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-48708"}],"affected":[{"package":{"name":"ghostscript","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/ghostscript?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.26~dfsg+0-0ubuntu0.16.04.14+esm9"}]}],"versions":["9.16~dfsg~0-0ubuntu3","9.16~dfsg~0-0ubuntu4","9.18~dfsg~0-0ubuntu1","9.18~dfsg~0-0ubuntu2","9.18~dfsg~0-0ubuntu2.2","9.18~dfsg~0-0ubuntu2.3","9.18~dfsg~0-0ubuntu2.4","9.18~dfsg~0-0ubuntu2.6","9.18~dfsg~0-0ubuntu2.7","9.18~dfsg~0-0ubuntu2.8","9.18~dfsg~0-0ubuntu2.9","9.25~dfsg+1-0ubuntu0.16.04.1","9.25~dfsg+1-0ubuntu0.16.04.2","9.25~dfsg+1-0ubuntu0.16.04.3","9.26~dfsg+0-0ubuntu0.16.04.1","9.26~dfsg+0-0ubuntu0.16.04.3","9.26~dfsg+0-0ubuntu0.16.04.4","9.26~dfsg+0-0ubuntu0.16.04.5","9.26~dfsg+0-0ubuntu0.16.04.6","9.26~dfsg+0-0ubuntu0.16.04.7","9.26~dfsg+0-0ubuntu0.16.04.8","9.26~dfsg+0-0ubuntu0.16.04.9","9.26~dfsg+0-0ubuntu0.16.04.10","9.26~dfsg+0-0ubuntu0.16.04.11","9.26~dfsg+0-0ubuntu0.16.04.12","9.26~dfsg+0-0ubuntu0.16.04.13","9.26~dfsg+0-0ubuntu0.16.04.14","9.26~dfsg+0-0ubuntu0.16.04.14+esm1","9.26~dfsg+0-0ubuntu0.16.04.14+esm2","9.26~dfsg+0-0ubuntu0.16.04.14+esm3","9.26~dfsg+0-0ubuntu0.16.04.14+esm4","9.26~dfsg+0-0ubuntu0.16.04.14+esm5","9.26~dfsg+0-0ubuntu0.16.04.14+esm6","9.26~dfsg+0-0ubuntu0.16.04.14+esm7","9.26~dfsg+0-0ubuntu0.16.04.14+esm8"],"ecosystem_specific":{"binaries":[{"binary_version":"9.26~dfsg+0-0ubuntu0.16.04.14+esm9","binary_name":"ghostscript"},{"binary_version":"9.26~dfsg+0-0ubuntu0.16.04.14+esm9","binary_name":"ghostscript-x"},{"binary_version":"9.26~dfsg+0-0ubuntu0.16.04.14+esm9","binary_name":"libgs9"},{"binary_version":"9.26~dfsg+0-0ubuntu0.16.04.14+esm9","binary_name":"libgs9-common"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7623-1.json"}},{"package":{"name":"ghostscript","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/ghostscript?arch=source&distro=esm-infra%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.26~dfsg+0-0ubuntu0.18.04.18+esm4"}]}],"versions":["9.21~dfsg+1-0ubuntu3","9.22~dfsg+1-0ubuntu1","9.22~dfsg+1-0ubuntu1.1","9.22~dfsg+1-0ubuntu1.2","9.25~dfsg+1-0ubuntu0.18.04.1","9.25~dfsg+1-0ubuntu0.18.04.2","9.26~dfsg+0-0ubuntu0.18.04.1","9.26~dfsg+0-0ubuntu0.18.04.3","9.26~dfsg+0-0ubuntu0.18.04.4","9.26~dfsg+0-0ubuntu0.18.04.5","9.26~dfsg+0-0ubuntu0.18.04.6","9.26~dfsg+0-0ubuntu0.18.04.7","9.26~dfsg+0-0ubuntu0.18.04.8","9.26~dfsg+0-0ubuntu0.18.04.9","9.26~dfsg+0-0ubuntu0.18.04.10","9.26~dfsg+0-0ubuntu0.18.04.11","9.26~dfsg+0-0ubuntu0.18.04.12","9.26~dfsg+0-0ubuntu0.18.04.13","9.26~dfsg+0-0ubuntu0.18.04.14","9.26~dfsg+0-0ubuntu0.18.04.15","9.26~dfsg+0-0ubuntu0.18.04.16","9.26~dfsg+0-0ubuntu0.18.04.17","9.26~dfsg+0-0ubuntu0.18.04.18","9.26~dfsg+0-0ubuntu0.18.04.18+esm1","9.26~dfsg+0-0ubuntu0.18.04.18+esm2","9.26~dfsg+0-0ubuntu0.18.04.18+esm3"],"ecosystem_specific":{"binaries":[{"binary_version":"9.26~dfsg+0-0ubuntu0.18.04.18+esm4","binary_name":"ghostscript"},{"binary_version":"9.26~dfsg+0-0ubuntu0.18.04.18+esm4","binary_name":"ghostscript-x"},{"binary_version":"9.26~dfsg+0-0ubuntu0.18.04.18+esm4","binary_name":"libgs9"},{"binary_version":"9.26~dfsg+0-0ubuntu0.18.04.18+esm4","binary_name":"libgs9-common"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-39327"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-29508"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-56826"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-56827"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-27832"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-27835"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-27836"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7623-1.json"}},{"package":{"name":"ghostscript","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/ghostscript?arch=source&distro=esm-infra%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.50~dfsg-5ubuntu4.15+esm1"}]}],"versions":["9.27~dfsg+0-0ubuntu3","9.27~dfsg+0-0ubuntu4","9.50~dfsg-5ubuntu1","9.50~dfsg-5ubuntu2","9.50~dfsg-5ubuntu3","9.50~dfsg-5ubuntu4","9.50~dfsg-5ubuntu4.1","9.50~dfsg-5ubuntu4.2","9.50~dfsg-5ubuntu4.3","9.50~dfsg-5ubuntu4.4","9.50~dfsg-5ubuntu4.5","9.50~dfsg-5ubuntu4.6","9.50~dfsg-5ubuntu4.7","9.50~dfsg-5ubuntu4.8","9.50~dfsg-5ubuntu4.9","9.50~dfsg-5ubuntu4.10","9.50~dfsg-5ubuntu4.11","9.50~dfsg-5ubuntu4.12","9.50~dfsg-5ubuntu4.13","9.50~dfsg-5ubuntu4.14","9.50~dfsg-5ubuntu4.15"],"ecosystem_specific":{"binaries":[{"binary_version":"9.50~dfsg-5ubuntu4.15+esm1","binary_name":"ghostscript"},{"binary_version":"9.50~dfsg-5ubuntu4.15+esm1","binary_name":"ghostscript-x"},{"binary_version":"9.50~dfsg-5ubuntu4.15+esm1","binary_name":"libgs9"},{"binary_version":"9.50~dfsg-5ubuntu4.15+esm1","binary_name":"libgs9-common"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2025-48708"}],"ecosystem":"Ubuntu:Pro:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7623-1.json"}},{"package":{"name":"ghostscript","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/ghostscript?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.55.0~dfsg1-0ubuntu5.12"}]}],"versions":["9.54.0~dfsg1-0ubuntu2","9.55.0~dfsg1-0ubuntu4","9.55.0~dfsg1-0ubuntu5","9.55.0~dfsg1-0ubuntu5.1","9.55.0~dfsg1-0ubuntu5.2","9.55.0~dfsg1-0ubuntu5.3","9.55.0~dfsg1-0ubuntu5.4","9.55.0~dfsg1-0ubuntu5.5","9.55.0~dfsg1-0ubuntu5.6","9.55.0~dfsg1-0ubuntu5.7","9.55.0~dfsg1-0ubuntu5.9","9.55.0~dfsg1-0ubuntu5.10","9.55.0~dfsg1-0ubuntu5.11"],"ecosystem_specific":{"binaries":[{"binary_version":"9.55.0~dfsg1-0ubuntu5.12","binary_name":"ghostscript"},{"binary_version":"9.55.0~dfsg1-0ubuntu5.12","binary_name":"ghostscript-x"},{"binary_version":"9.55.0~dfsg1-0ubuntu5.12","binary_name":"libgs9"},{"binary_version":"9.55.0~dfsg1-0ubuntu5.12","binary_name":"libgs9-common"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2025-48708"}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7623-1.json"}},{"package":{"name":"ghostscript","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/ghostscript?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.02.1~dfsg1-0ubuntu7.7"}]}],"versions":["10.01.2~dfsg1-0ubuntu2","10.01.2~dfsg1-0ubuntu2.1","10.02.1~dfsg1-0ubuntu1","10.02.1~dfsg1-0ubuntu2","10.02.1~dfsg1-0ubuntu5","10.02.1~dfsg1-0ubuntu6","10.02.1~dfsg1-0ubuntu7","10.02.1~dfsg1-0ubuntu7.1","10.02.1~dfsg1-0ubuntu7.3","10.02.1~dfsg1-0ubuntu7.4","10.02.1~dfsg1-0ubuntu7.5","10.02.1~dfsg1-0ubuntu7.6"],"ecosystem_specific":{"binaries":[{"binary_version":"10.02.1~dfsg1-0ubuntu7.7","binary_name":"ghostscript"},{"binary_version":"10.02.1~dfsg1-0ubuntu7.7","binary_name":"libgs-common"},{"binary_version":"10.02.1~dfsg1-0ubuntu7.7","binary_name":"libgs10"},{"binary_version":"10.02.1~dfsg1-0ubuntu7.7","binary_name":"libgs10-common"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2025-48708"}],"ecosystem":"Ubuntu:24.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7623-1.json"}}],"schema_version":"1.7.5"}