Amazon Linux 1 (EOL) Security Advisory: ALAS-2025-1967
Advisory Released Date: 2025-04-17
Advisory Updated Date: 2025-04-17
The buffer size was calculated with int values, which overflowed that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.c. The fix leaves the total size calculation to the memory manager, so the calculation is done in size_t values; this avoids the overflow in this case and also means the memory manager's overflow protection is effective.
Fixed in ghostpdl-10.05.0
Info: https://bugs.ghostscript.com/show_bug.cgi?id=708133
Patch: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=57291c846334f1585552010faa42d7cb2cbd5c41 (CVE-2025-27832)
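The difference between the int-sized calculation and the size_t calculation described for CVE-2025-27832, as an added example that is not code from Ghostscript or from this advisory. The function names and the 70000 x 70000 dimensions are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Value a 32-bit int would end up holding for width * height. Computed in
 * unsigned 64-bit and truncated, so the demo itself contains no undefined
 * signed overflow. */
static int32_t int_sized_product(int32_t width, int32_t height)
{
    uint64_t wide = (uint64_t)(uint32_t)width * (uint32_t)height;
    return (int32_t)(uint32_t)wide;   /* only the low 32 bits survive */
}

/* Hypothetical allocator-side check: count and element size arrive
 * separately, the product is formed in size_t, and a product that does not
 * fit is refused. Returns 1 and stores the total on success, 0 on overflow. */
static int checked_total(size_t count, size_t elem_size, size_t *total)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;
    *total = count * elem_size;
    return 1;
}

int main(void)
{
    /* Constructed dimensions, not taken from the Ghostscript source. */
    int32_t width = 70000, height = 70000;
    size_t total = 0;

    /* The caller multiplies in int: the size silently shrinks. */
    printf("int product:    %d bytes\n", (int)int_sized_product(width, height));

    /* The allocator multiplies in size_t: the full size or a refusal. */
    if (checked_total((size_t)width, (size_t)height, &total))
        printf("size_t product: %zu bytes\n", total);
    else
        printf("size_t product: refused (overflow)\n");

    /* A request no size_t can represent is rejected instead of wrapping. */
    if (!checked_total(SIZE_MAX / 2 + 1, 2, &total))
        printf("oversized request refused\n");
    return 0;
}
```

With the int-sized product the allocation would be far smaller than the data later written into it, which is the condition the fix removes.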
Potential print buffer overflow. Fixed in ghostpdl-10.05.0 by implementing stricter buffer length validation.
Info: https://bugs.ghostscript.com/show_bug.cgi?id=708192
Patch: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8b6d19b2b4079da6863ef25f2370f25d4b054919 (ghostpdl-10.05.0) (CVE-2025-27836)
Affected Packages:
ghostscript
Issue Correction:
Run yum update ghostscript to update your system.
i686:
ghostscript-8.70-24.34.amzn1.i686
ghostscript-devel-8.70-24.34.amzn1.i686
ghostscript-doc-8.70-24.34.amzn1.i686
ghostscript-debuginfo-8.70-24.34.amzn1.i686
src:
ghostscript-8.70-24.34.amzn1.src
x86_64:
ghostscript-doc-8.70-24.34.amzn1.x86_64
ghostscript-8.70-24.34.amzn1.x86_64
ghostscript-debuginfo-8.70-24.34.amzn1.x86_64
ghostscript-devel-8.70-24.34.amzn1.x86_64