Ghostscript Updated
Moderators: helmut, XnTriq, xnview
-
buffiman42
- Posts: 1
- Joined: Fri Sep 23, 2022 6:51 am
- Location: NYC USA
Re: Ghostscript Updated
useful information
Re: Ghostscript Updated
Ghostscript 10.02.0 (2023-09-13)
Highlights in this release include:
The old, PostScript based PDF interpreter has been removed, it is no longer available.
We've continued to improve the performance of the PDF interpreter written in C and improve it's behaviour in edge and out-of-specification cases.
Our efforts in code hygiene and maintainability continue, with a particular focus on fuzz testing.
The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.
Download
https://www.ghostscript.com/releases/index.html
Highlights in this release include:
The old, PostScript based PDF interpreter has been removed, it is no longer available.
We've continued to improve the performance of the PDF interpreter written in C and improve it's behaviour in edge and out-of-specification cases.
Our efforts in code hygiene and maintainability continue, with a particular focus on fuzz testing.
The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.
Download
https://www.ghostscript.com/releases/index.html
AMD Ryzen 3 3300X 3.8Ghz, 16Gb DDR4, RX6600XT with Dell U2520D at 2560x1440@60Hz scaling 125%
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
Ghostscript 10.02.1
Version 10.02.1 (2023-11-01)
Highlights in this release include:
Security Advisory
November 1, 2023: Ghostscript/GhostPDL 10.02.1 release fixes CVE-2023-46751.
CVE-2023-46751 affects all Ghostscript/GhostPDL versions prior to 10.02.1.
CVE-2023-46751 is a shell command injection/remote code execution risk, so we recommend upgrading to version 10.02.1 as a matter of urgency
- The old, PostScript based PDF interpreter has been removed, it is no longer available.
- We've continued to improve the performance of the PDF interpreter written in C and improve it's behaviour in edge and out-of-specification cases.
- Our efforts in code hygiene and maintainability continue, with a particular focus on fuzz testing.
- The usual round of bug fixes, compatibility changes, and incremental improvements.
Source: https://ghostscript.readthedocs.io/en/g ... /News.html
Download: https://www.ghostscript.com/releases/index.html
Highlights in this release include:
Security Advisory
November 1, 2023: Ghostscript/GhostPDL 10.02.1 release fixes CVE-2023-46751.
CVE-2023-46751 affects all Ghostscript/GhostPDL versions prior to 10.02.1.
CVE-2023-46751 is a shell command injection/remote code execution risk, so we recommend upgrading to version 10.02.1 as a matter of urgency
- The old, PostScript based PDF interpreter has been removed, it is no longer available.
- We've continued to improve the performance of the PDF interpreter written in C and improve it's behaviour in edge and out-of-specification cases.
- Our efforts in code hygiene and maintainability continue, with a particular focus on fuzz testing.
- The usual round of bug fixes, compatibility changes, and incremental improvements.
Source: https://ghostscript.readthedocs.io/en/g ... /News.html
Download: https://www.ghostscript.com/releases/index.html
AMD Ryzen 3 3300X 3.8Ghz, 16Gb DDR4, RX6600XT with Dell U2520D at 2560x1440@60Hz scaling 125%
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
Ghostscript 10.03.0 (2024-03-06)
Highlights in this release include:
A vulnerability was identified in the way Ghostscript/GhostPDL called tesseract for the OCR devices, which could allow arbitrary code execution. As as result, we strongly urge anyone including the OCR devices in their build to update as soon as possible.
As of this release (10.03.0) pdfwrite creates PDF files with XRef streams and ObjStm streams. This can result in considerably smaller PDF output files. See Vector Devices for more details.
Ghostscript/pdfwrite now supports passing through PDF "Optional Content".
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.
Source: https://ghostscript.readthedocs.io/en/g ... nline-link
Download: https://www.ghostscript.com/releases/index.html
Highlights in this release include:
A vulnerability was identified in the way Ghostscript/GhostPDL called tesseract for the OCR devices, which could allow arbitrary code execution. As as result, we strongly urge anyone including the OCR devices in their build to update as soon as possible.
As of this release (10.03.0) pdfwrite creates PDF files with XRef streams and ObjStm streams. This can result in considerably smaller PDF output files. See Vector Devices for more details.
Ghostscript/pdfwrite now supports passing through PDF "Optional Content".
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.
Source: https://ghostscript.readthedocs.io/en/g ... nline-link
Download: https://www.ghostscript.com/releases/index.html
AMD Ryzen 3 3300X 3.8Ghz, 16Gb DDR4, RX6600XT with Dell U2520D at 2560x1440@60Hz scaling 125%
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
Ghostscript 10.03.1 (2024-05-02)
Highlights in this release include:
Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870, CVE-2024-33871 and CVE-2024-29510
IMPORTANT: For the 10.04.0 release (fall/autumn 2024) we will be adding protection for device selection from PostScript input. This will mean that, by default, only the device specified on the command line will be permitted. Similar to the file permissions, there will be a "--permit-devices=" allowing a comma separation list of allowed devices. This will also take a single wildcard "*" allowing any device.
Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action to deal with this change.
The exception is "nulldevice", switching to that requires no special action.
A vulnerability was identified in the way Ghostscript/GhostPDL called tesseract for the OCR devices, which could allow arbitrary code execution. As as result, we strongly urge anyone including the OCR devices in their build to update as soon as possible.
As of this release (10.03.1) pdfwrite creates PDF files with XRef streams and ObjStm streams. This can result in considerably smaller PDF output files. See Vector Devices for more details.
Ghostscript/pdfwrite now supports passing through PDF "Optional Content".
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.
See Enabling OCR for more details.
For a list of open issues, or to report problems, please visit bugs.ghostscript.com.
Incompatible changes
Included below are incompatible changes from recent releases (the specific release in question is listed in parentheses). We include these, for now, as we are aware that not everyone upgrades with every release.
(10.03.1) Almost all the "internal" PostScript procedures defined during the interpreter startup are now "executeonly", further reducing the attack surface of the interpreter.
The nature of these procedures means there should be no impact for legitimate usage, but it is possible it will impact uses which abuse the previous accessibility (even for legitimate reasons). Such cases may now require "DELAYBIND", See DELAYBIND
(10.03.1) The "makeimagedevice" non-standard operator has been removed. It allowed low level access to the graphics library in a way that was, essentially impossible to secure.
(10.03.1) The "putdeviceprops", "getdeviceprops", "finddevice", "copydevice", "findprotodevice" non-standard operators have all been removed. They provided functionality that is either accessible through standard operators, or should not be used by user PostScript.
(10.03.1) The process of "tidying" the PostScript namespace should have removed only non-standard and undocumented operators. Nevertheless, it is possible that any integrations or utilities that rely on those non-standard and undocumented operators may stop working or may change behaviour.
If you encounter such a case, please contact us (Discord, #ghostscript IRC channel, or the gs-devel mailing list would be best), and we'll work with you to either find an alternative solution or return the previous functionality, if there is genuinely no other option.
Source: https://ghostscript.readthedocs.io/en/g ... /News.html
Download: https://www.ghostscript.com/releases/index.html
Highlights in this release include:
Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870, CVE-2024-33871 and CVE-2024-29510
IMPORTANT: For the 10.04.0 release (fall/autumn 2024) we will be adding protection for device selection from PostScript input. This will mean that, by default, only the device specified on the command line will be permitted. Similar to the file permissions, there will be a "--permit-devices=" allowing a comma separation list of allowed devices. This will also take a single wildcard "*" allowing any device.
Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action to deal with this change.
The exception is "nulldevice", switching to that requires no special action.
A vulnerability was identified in the way Ghostscript/GhostPDL called tesseract for the OCR devices, which could allow arbitrary code execution. As as result, we strongly urge anyone including the OCR devices in their build to update as soon as possible.
As of this release (10.03.1) pdfwrite creates PDF files with XRef streams and ObjStm streams. This can result in considerably smaller PDF output files. See Vector Devices for more details.
Ghostscript/pdfwrite now supports passing through PDF "Optional Content".
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.
See Enabling OCR for more details.
For a list of open issues, or to report problems, please visit bugs.ghostscript.com.
Incompatible changes
Included below are incompatible changes from recent releases (the specific release in question is listed in parentheses). We include these, for now, as we are aware that not everyone upgrades with every release.
(10.03.1) Almost all the "internal" PostScript procedures defined during the interpreter startup are now "executeonly", further reducing the attack surface of the interpreter.
The nature of these procedures means there should be no impact for legitimate usage, but it is possible it will impact uses which abuse the previous accessibility (even for legitimate reasons). Such cases may now require "DELAYBIND", See DELAYBIND
(10.03.1) The "makeimagedevice" non-standard operator has been removed. It allowed low level access to the graphics library in a way that was, essentially impossible to secure.
(10.03.1) The "putdeviceprops", "getdeviceprops", "finddevice", "copydevice", "findprotodevice" non-standard operators have all been removed. They provided functionality that is either accessible through standard operators, or should not be used by user PostScript.
(10.03.1) The process of "tidying" the PostScript namespace should have removed only non-standard and undocumented operators. Nevertheless, it is possible that any integrations or utilities that rely on those non-standard and undocumented operators may stop working or may change behaviour.
If you encounter such a case, please contact us (Discord, #ghostscript IRC channel, or the gs-devel mailing list would be best), and we'll work with you to either find an alternative solution or return the previous functionality, if there is genuinely no other option.
Source: https://ghostscript.readthedocs.io/en/g ... /News.html
Download: https://www.ghostscript.com/releases/index.html
AMD Ryzen 3 3300X 3.8Ghz, 16Gb DDR4, RX6600XT with Dell U2520D at 2560x1440@60Hz scaling 125%
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
Re: Ghostscript Updated
Thanks ckit,.. 
What would be useful when new versions are released, would be for someone to check compatibility with current versions of xnview software: XnView MP, XnView Classic and NConvert.
Unfortunately, Ghostscript updates have on at least two occasions in recent years broken compatibility, and as in practice some PDF files fail to be recognised for still unknown reasons, confirmation of proven compatibility would be useful.
I'm afraid that I'm not offering...
What would be useful when new versions are released, would be for someone to check compatibility with current versions of xnview software: XnView MP, XnView Classic and NConvert.
Unfortunately, Ghostscript updates have on at least two occasions in recent years broken compatibility, and as in practice some PDF files fail to be recognised for still unknown reasons, confirmation of proven compatibility would be useful.
I'm afraid that I'm not offering...
Ghostscript 10.05.0 (2025-03-12)
Highlights in this release include:
This release addresses CVEs: CVE-2025-27835, CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, CVE-2025-27830, CVE-2025-27833, CVE-2025-27837, CVE-2025-27834
In addition one other security fix for which a CVE is pending which will be added to the online version of this document when assigned: News
The 10.05.0 release deprecates the non-standard operator "selectdevice", all code should now be using the standard "setpagedevice" operator. "selectdevice" will be removed in the 10.06.0 release.
We now support production of PDF/X-1a and PDF/X-4a in addition to the existing support for PDF/X-3
IMPORTANT: In the 10.04.0 release we added protection for device selection from PostScript input. This will mean that, by default, only the device specified on the command line will be permitted. Similar to the file permissions, there will be a "--permit-devices=" allowing a comma separation list of allowed devices. This will also take a single wildcard "*" allowing any device.
Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action to deal with this change.
The exception is "nulldevice", switching to that requires no special action.
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.
Source: https://ghostscript.readthedocs.io/en/g ... /News.html
Download: https://www.ghostscript.com/releases/index.html
Highlights in this release include:
This release addresses CVEs: CVE-2025-27835, CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, CVE-2025-27830, CVE-2025-27833, CVE-2025-27837, CVE-2025-27834
In addition one other security fix for which a CVE is pending which will be added to the online version of this document when assigned: News
The 10.05.0 release deprecates the non-standard operator "selectdevice", all code should now be using the standard "setpagedevice" operator. "selectdevice" will be removed in the 10.06.0 release.
We now support production of PDF/X-1a and PDF/X-4a in addition to the existing support for PDF/X-3
IMPORTANT: In the 10.04.0 release we added protection for device selection from PostScript input. This will mean that, by default, only the device specified on the command line will be permitted. Similar to the file permissions, there will be a "--permit-devices=" allowing a comma separation list of allowed devices. This will also take a single wildcard "*" allowing any device.
Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action to deal with this change.
The exception is "nulldevice", switching to that requires no special action.
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.
Source: https://ghostscript.readthedocs.io/en/g ... /News.html
Download: https://www.ghostscript.com/releases/index.html
AMD Ryzen 3 3300X 3.8Ghz, 16Gb DDR4, RX6600XT with Dell U2520D at 2560x1440@60Hz scaling 125%
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
Re: Ghostscript Updated
Ghostscript 10.05.1 (2025-04-29)
Highlights in this release include:
The 10.05.1 patch release addresses:
An overflow issue in Freetype on platforms where long is a 4 byte (rather than 8 byte) type (Microsoft Windows, for example) causing corrupted glyph rendering at higher resolutions
An issue with embedded files, affecting Zugferd format PDF creation.
Broken logic in PDF Optional Content processing
Potential slow down due to searching for identifiable font files
A small number of extreme edge case segmentation faults.
This release addresses CVEs: CVE-2025-27835, CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, CVE-2025-27830, CVE-2025-27833, CVE-2025-27837, CVE-2025-27834, CVE-2025-46646
The 10.05.1 release deprecates the non-standard operator "selectdevice", all code should now be using the standard "setpagedevice" operator. "selectdevice" will be removed in the 10.06.0 release.
We now support production of PDF/X-1a and PDF/X-4a in addition to the existing support for PDF/X-3
IMPORTANT: In the 10.04.0 release we added protection for device selection from PostScript input. This will mean that, by default, only the device specified on the command line will be permitted. Similar to the file permissions, there will be a "--permit-devices=" allowing a comma separation list of allowed devices. This will also take a single wildcard "*" allowing any device.
Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action to deal with this change.
The exception is "nulldevice", switching to that requires no special action.
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.
Source: https://ghostscript.readthedocs.io/en/g ... /News.html
Download: https://www.ghostscript.com/releases/index.html
Highlights in this release include:
The 10.05.1 patch release addresses:
An overflow issue in Freetype on platforms where long is a 4 byte (rather than 8 byte) type (Microsoft Windows, for example) causing corrupted glyph rendering at higher resolutions
An issue with embedded files, affecting Zugferd format PDF creation.
Broken logic in PDF Optional Content processing
Potential slow down due to searching for identifiable font files
A small number of extreme edge case segmentation faults.
This release addresses CVEs: CVE-2025-27835, CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, CVE-2025-27830, CVE-2025-27833, CVE-2025-27837, CVE-2025-27834, CVE-2025-46646
The 10.05.1 release deprecates the non-standard operator "selectdevice", all code should now be using the standard "setpagedevice" operator. "selectdevice" will be removed in the 10.06.0 release.
We now support production of PDF/X-1a and PDF/X-4a in addition to the existing support for PDF/X-3
IMPORTANT: In the 10.04.0 release we added protection for device selection from PostScript input. This will mean that, by default, only the device specified on the command line will be permitted. Similar to the file permissions, there will be a "--permit-devices=" allowing a comma separation list of allowed devices. This will also take a single wildcard "*" allowing any device.
Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action to deal with this change.
The exception is "nulldevice", switching to that requires no special action.
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.
Source: https://ghostscript.readthedocs.io/en/g ... /News.html
Download: https://www.ghostscript.com/releases/index.html
AMD Ryzen 3 3300X 3.8Ghz, 16Gb DDR4, RX6600XT with Dell U2520D at 2560x1440@60Hz scaling 125%
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys
Win11 x64 24H2, Hard Disk Sentinel Pro, MS PowerToys, Process Lasso Pro and Wintoys