ALAS-2025-907

Amazon Linux 2023 Security Advisory: ALAS-2025-907
Advisory Release Date: 2025-03-26 20:44 Pacific
Advisory Updated Date: 2025-04-01 11:34 Pacific
Severity: Important
Issue Overview:

The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.c
The calculation of the buffer size was being done with int values, and overflowing that data type. By leaving the total size calculation to the memory manager, the calculation ends up being done in size_t values, and avoiding the overflow in this case, but also meaning the memory manager overflow protection will be effective.

Fixed in ghostpdl-10.05.0

Info: https://bugs.ghostscript.com/show_bug.cgi?id=708133
Patch: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=57291c846334f1585552010faa42d7cb2cbd5c41 (CVE-2025-27832)


Affected Packages:

ghostscript


Issue Correction:
Run dnf update ghostscript --releasever 2023.7.20250331 to update your system.

New Packages:
aarch64:
    ghostscript-debuginfo-9.56.1-7.amzn2023.0.14.aarch64
    ghostscript-x11-debuginfo-9.56.1-7.amzn2023.0.14.aarch64
    ghostscript-gtk-debuginfo-9.56.1-7.amzn2023.0.14.aarch64
    ghostscript-9.56.1-7.amzn2023.0.14.aarch64
    ghostscript-x11-9.56.1-7.amzn2023.0.14.aarch64
    libgs-devel-9.56.1-7.amzn2023.0.14.aarch64
    ghostscript-tools-dvipdf-9.56.1-7.amzn2023.0.14.aarch64
    ghostscript-tools-printing-9.56.1-7.amzn2023.0.14.aarch64
    libgs-debuginfo-9.56.1-7.amzn2023.0.14.aarch64
    ghostscript-tools-fonts-9.56.1-7.amzn2023.0.14.aarch64
    libgs-9.56.1-7.amzn2023.0.14.aarch64
    ghostscript-gtk-9.56.1-7.amzn2023.0.14.aarch64
    ghostscript-debugsource-9.56.1-7.amzn2023.0.14.aarch64

noarch:
    ghostscript-doc-9.56.1-7.amzn2023.0.14.noarch

src:
    ghostscript-9.56.1-7.amzn2023.0.14.src

x86_64:
    libgs-debuginfo-9.56.1-7.amzn2023.0.14.x86_64
    ghostscript-tools-printing-9.56.1-7.amzn2023.0.14.x86_64
    libgs-devel-9.56.1-7.amzn2023.0.14.x86_64
    ghostscript-x11-debuginfo-9.56.1-7.amzn2023.0.14.x86_64
    ghostscript-gtk-debuginfo-9.56.1-7.amzn2023.0.14.x86_64
    ghostscript-x11-9.56.1-7.amzn2023.0.14.x86_64
    ghostscript-tools-fonts-9.56.1-7.amzn2023.0.14.x86_64
    ghostscript-tools-dvipdf-9.56.1-7.amzn2023.0.14.x86_64
    ghostscript-9.56.1-7.amzn2023.0.14.x86_64
    ghostscript-gtk-9.56.1-7.amzn2023.0.14.x86_64
    libgs-9.56.1-7.amzn2023.0.14.x86_64
    ghostscript-debuginfo-9.56.1-7.amzn2023.0.14.x86_64
    ghostscript-debugsource-9.56.1-7.amzn2023.0.14.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-27832

Mitre: CVE-2025-27832