Package details: pkg:deb/debian/ghostscript@10.0.0~dfsg-11%2Bdeb12u7
purl pkg:deb/debian/ghostscript@10.0.0~dfsg-11%2Bdeb12u7
Next non-vulnerable version 10.05.1~dfsg-1
Latest non-vulnerable version 10.05.1~dfsg-1
Risk 3.4
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-cv9z-tq9h-u7dq
Aliases: CVE-2024-29511
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
Fixed by: 10.05.1~dfsg-1 (affected by 0 other vulnerabilities)
VCID-f1pt-6dxq-zfe7
Aliases: CVE-2025-48708
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
Fixed by: 10.05.1~dfsg-1 (affected by 0 other vulnerabilities)
VCID-mq7g-44dd-qbbf
Aliases: CVE-2023-38560
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.
Fixed by: 10.05.1~dfsg-1 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (11)
Vulnerability Summary Aliases
VCID-25pd-t3sg-dkgk An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. CVE-2025-27831
VCID-46sq-cp61-p3eu Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. CVE-2024-29508
VCID-4r9b-8dpu-hkej An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. CVE-2025-27836
VCID-988a-ef83-wqgt A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue. CVE-2022-1350
VCID-b8wt-ese4-rqc8 An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. CVE-2025-27832
VCID-c66r-863s-23g2 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. CVE-2024-46955
VCID-c9d6-164h-y3hh An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. CVE-2025-27835
VCID-egbq-7k6w-77gm An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. CVE-2024-46951
VCID-uq76-w9fq-sqaq An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. CVE-2024-46956
VCID-wj86-2685-5yhf An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. CVE-2024-46953
VCID-yk2r-rt5x-63d9 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. CVE-2025-27830

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T17:40:50.292722+00:00 Debian Oval Importer Fixing VCID-c9d6-164h-y3hh https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:16:01.948980+00:00 Debian Oval Importer Fixing VCID-yk2r-rt5x-63d9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:44:05.386070+00:00 Debian Oval Importer Fixing VCID-46sq-cp61-p3eu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:20:42.485624+00:00 Debian Oval Importer Fixing VCID-c66r-863s-23g2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:14:19.131273+00:00 Debian Oval Importer Fixing VCID-25pd-t3sg-dkgk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:03:55.363013+00:00 Debian Oval Importer Fixing VCID-egbq-7k6w-77gm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:27:36.182473+00:00 Debian Oval Importer Fixing VCID-4r9b-8dpu-hkej https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:16:57.672990+00:00 Debian Importer Fixing VCID-988a-ef83-wqgt https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T13:02:48.185249+00:00 Debian Oval Importer Fixing VCID-wj86-2685-5yhf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:59:45.955437+00:00 Debian Importer Affected by VCID-mq7g-44dd-qbbf https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:52:39.248598+00:00 Debian Importer Affected by VCID-f1pt-6dxq-zfe7 https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:48:59.705871+00:00 Debian Oval Importer Fixing VCID-b8wt-ese4-rqc8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:47:16.748027+00:00 Debian Importer Affected by VCID-cv9z-tq9h-u7dq https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:19:25.468404+00:00 Debian Oval Importer Fixing VCID-uq76-w9fq-sqaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0