Amazon Linux 2 Security Advisory: ALAS-2025-2805
Advisory Release Date: 2025-03-26 19:24 Pacific
Advisory Updated Date: 2025-04-01 16:23 Pacific
Potential integer and buffer overflow with DollarBlend while serializing a multiple master font for passing to FreeType. Fixed by changing a variable type from short to unsigned short and checking whether a length variable exceeds the permitted limit.
Fixed in ghostpdl-10.05.0 (CVE-2025-27830)
Text buffer overflow with long characters; the txt_get_unicode function was copying too few bytes from the fixed glyph name to unicode mapping tables. This was probably causing incorrect Unicode code points in relatively rare cases but not otherwise a problem. However, a badly formed GlyphNames2Unicode array attached to a font could cause the decoding to spill over the assigned buffer.
Patched in ghostpdl-10.05.0 (CVE-2025-27831)
The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.c. By leaving the total size calculation to the memory manager, the calculation ends up being done in size_t values, which avoids the overflow in this case and also means the memory manager's overflow protection will be effective.
Fixed in ghostpdl-10.05.0
Info: https://bugs.ghostscript.com/show_bug.cgi?id=708133
Patch: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=57291c846334f1585552010faa42d7cb2cbd5c41 (CVE-2025-27832)
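The size calculation described for CVE-2025-27832, as an added example that is not Ghostscript code and not part of the original advisory: an int-sized byte count silently shrinks, while an allocator that receives count and element size separately can detect the wrap. The function names size_as_int and alloc_array_checked are hypothetical, and the dimensions are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Before: byte count held in an int. The product is formed in 64 bits and
 * then truncated to 32, which models the int wrap-around without relying on
 * undefined signed overflow. */
int size_as_int(int line_bytes, int num_lines)
{
    int64_t wide = (int64_t)line_bytes * (int64_t)num_lines;
    return (int)(uint32_t)wide;
}

/* After: the caller hands count and element size to the allocator, which
 * multiplies in size_t and rejects any request whose product would wrap.
 * alloc_array_checked is a hypothetical stand-in for a memory manager's
 * array-allocation entry point. */
void *alloc_array_checked(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return NULL;                    /* overflow protection */
    return malloc(count * elem_size);
}

int main(void)
{
    /* Constructed dimensions: the true size is 4,900,000,000 bytes. */
    int line_bytes = 70000, num_lines = 70000;

    printf("int size:    %d\n", size_as_int(line_bytes, num_lines));
    printf("size_t size: %zu\n", (size_t)line_bytes * (size_t)num_lines);

    /* A request that cannot be represented is refused, not shrunk. */
    void *p = alloc_array_checked(SIZE_MAX / 2, 4);
    printf("oversized request: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the int calculation the buffer is allocated far smaller than the data later written into it; with the checked form the request either gets its full size or fails visibly.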
Affected Packages:
ghostscript
Note:
This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update ghostscript to update your system.
aarch64:
ghostscript-9.54.0-9.amzn2.0.9.aarch64
libgs-9.54.0-9.amzn2.0.9.aarch64
libgs-devel-9.54.0-9.amzn2.0.9.aarch64
ghostscript-gtk-9.54.0-9.amzn2.0.9.aarch64
ghostscript-cups-9.54.0-9.amzn2.0.9.aarch64
ghostscript-debuginfo-9.54.0-9.amzn2.0.9.aarch64
i686:
ghostscript-9.54.0-9.amzn2.0.9.i686
libgs-9.54.0-9.amzn2.0.9.i686
libgs-devel-9.54.0-9.amzn2.0.9.i686
ghostscript-gtk-9.54.0-9.amzn2.0.9.i686
ghostscript-cups-9.54.0-9.amzn2.0.9.i686
ghostscript-debuginfo-9.54.0-9.amzn2.0.9.i686
noarch:
ghostscript-doc-9.54.0-9.amzn2.0.9.noarch
src:
ghostscript-9.54.0-9.amzn2.0.9.src
x86_64:
ghostscript-9.54.0-9.amzn2.0.9.x86_64
libgs-9.54.0-9.amzn2.0.9.x86_64
libgs-devel-9.54.0-9.amzn2.0.9.x86_64
ghostscript-gtk-9.54.0-9.amzn2.0.9.x86_64
ghostscript-cups-9.54.0-9.amzn2.0.9.x86_64
ghostscript-debuginfo-9.54.0-9.amzn2.0.9.x86_64