Amazon Linux 2 Security Advisory: ALAS2-2025-2947
Advisory Released Date: 2025-08-04
Advisory Updated Date: 2025-08-04
A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The identifier of the patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended to apply a patch to fix this issue. (CVE-2025-7462)
Affected Packages:
ghostscript
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update ghostscript or yum update --advisory ALAS2-2025-2947 to update your system.
aarch64:
ghostscript-9.54.0-9.amzn2.0.12.aarch64
libgs-9.54.0-9.amzn2.0.12.aarch64
libgs-devel-9.54.0-9.amzn2.0.12.aarch64
ghostscript-gtk-9.54.0-9.amzn2.0.12.aarch64
ghostscript-cups-9.54.0-9.amzn2.0.12.aarch64
ghostscript-debuginfo-9.54.0-9.amzn2.0.12.aarch64
i686:
ghostscript-9.54.0-9.amzn2.0.12.i686
libgs-9.54.0-9.amzn2.0.12.i686
libgs-devel-9.54.0-9.amzn2.0.12.i686
ghostscript-gtk-9.54.0-9.amzn2.0.12.i686
ghostscript-cups-9.54.0-9.amzn2.0.12.i686
ghostscript-debuginfo-9.54.0-9.amzn2.0.12.i686
noarch:
ghostscript-doc-9.54.0-9.amzn2.0.12.noarch
src:
ghostscript-9.54.0-9.amzn2.0.12.src
x86_64:
ghostscript-9.54.0-9.amzn2.0.12.x86_64
libgs-9.54.0-9.amzn2.0.12.x86_64
libgs-devel-9.54.0-9.amzn2.0.12.x86_64
ghostscript-gtk-9.54.0-9.amzn2.0.12.x86_64
ghostscript-cups-9.54.0-9.amzn2.0.12.x86_64
ghostscript-debuginfo-9.54.0-9.amzn2.0.12.x86_64