[Buildroot] [git commit] package/ghostscript: security bump to version 10.05.0

Julien Olivain ju.o at free.fr
Mon Apr 14 21:32:19 UTC 2025 

commit: https://git.buildroot.net/buildroot/commit/?id=9abf662cfd35c101b2c4c0e191adc3b949846663
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fixes the following security issues:

- CVE-2025-27830: An issue was discovered in Artifex Ghostscript before
  10.05.0.  A buffer overflow occurs during serialization of DollarBlend in
  a font, for base/write_t1.c and psi/zfapi.c.

- CVE-2025-27831: An issue was discovered in Artifex Ghostscript before
  10.05.0.  The DOCXWRITE TXTWRITE device has a text buffer overflow via
  long characters to devices/vector/doc_common.c.

- CVE-2025-27832: An issue was discovered in Artifex Ghostscript before
  10.05.0.  The NPDL device has a Compression buffer overflow for
  contrib/japanese/gdevnpdl.c.

- CVE-2025-27833: An issue was discovered in Artifex Ghostscript before
  10.05.0.  A buffer overflow occurs for a long TTF font name to
  pdf/pdf_fmap.c.

- CVE-2025-27834: An issue was discovered in Artifex Ghostscript before
  10.05.0.  A buffer overflow occurs via an oversized Type 4 function in a
  PDF document to pdf/pdf_func.c.

- CVE-2025-27835: An issue was discovered in Artifex Ghostscript before
  10.05.0.  A buffer overflow occurs when converting glyphs to Unicode in
  psi/zbfont.c.

- CVE-2025-27836: An issue was discovered in Artifex Ghostscript before
  10.05.0.  The BJ10V device has a Print buffer overflow in
  contrib/japanese/gdev10v.c.

- CVE-2025-27837: An issue was discovered in Artifex Ghostscript before
  10.05.0.  Access to arbitrary files can occur through a truncated path
  with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs10050

Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Signed-off-by: Julien Olivain <ju.o at free.fr>
---
 package/ghostscript/ghostscript.hash | 4 ++--
 package/ghostscript/ghostscript.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/ghostscript/ghostscript.hash b/package/ghostscript/ghostscript.hash
index c64ab80eb0..8f44c444f1 100644
--- a/package/ghostscript/ghostscript.hash
+++ b/package/ghostscript/ghostscript.hash
@@ -1,5 +1,5 @@
-# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10040/SHA512SUMS
-sha512  2e711f8ba86491570684f13851190f41e6eee87dcfacce0a4adfd09a4523abf2e0b6727f0958ee2683834218f5705675b531fd2419cb7fc314ed4becf51f3ce3  ghostscript-10.04.0.tar.xz
+# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10050/SHA512SUMS
+sha512  5a8695726ea2c70fd153bac47696c9e9046e9f74eccf8eea500794f79f09d5d2be70597c9d85c0b51b71d46d7974f50c5c9e3b0e242816bb84e64f1098a306a6  ghostscript-10.05.0.tar.xz
 
 # Hash for license file:
 sha256  8ce064f423b7c24a011b6ebf9431b8bf9861a5255e47c84bfb23fc526d030a8b  LICENSE
diff --git a/package/ghostscript/ghostscript.mk b/package/ghostscript/ghostscript.mk
index a29ab9b66e..9e2342e5ac 100644
--- a/package/ghostscript/ghostscript.mk
+++ b/package/ghostscript/ghostscript.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GHOSTSCRIPT_VERSION = 10.04.0
+GHOSTSCRIPT_VERSION = 10.05.0
 GHOSTSCRIPT_SOURCE = ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz
 GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs$(subst .,,$(GHOSTSCRIPT_VERSION))
 GHOSTSCRIPT_LICENSE = AGPL-3.0

More information about the buildroot mailing list