Ghostscript is an open source suite of software based on an interpreter for Adobe Systems’ PostScriptand Portable Document Format (PDF) page description languages.
Ghostscript is a multiplatform software written in C language, it allows to convert PostScript language files (or EPS) to several raster formats (i.e. PDF, XPS, PCL or PXL).
Many PDF and image editing software such as GIMP and ImageMagick leverage the library to convert file formats.
Ghostscript implements a -dSAFER sandbox protection option that handles untrusted documents, it aims at preventing malicious PostScript operations from being executed.
A couple of years ago, Ormandy disclosed several -dSAFER sandbox escapes in the popular library, at the time he found a few file disclosure, shell command execution, memory corruption and type confusion bugs.
Now Ormandy discovered that the library contains multiple -dSAFER sandbox bypass flaws that could be exploited by a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system.
A remote attacker can trigger the flaw by sending a specially crafted malicious file (i.e. PDF, PS, EPS, or XPS) to the victim. Once the victim has opened the file with an application using vulnerable software, the attacker will be able to execute arbitrary code of the system and to take over it.
Artifex Software, the company that maintains the open source software still hasn’t released any security update to address the vulnerability.
The US-CERT published a security advisory to warn that applications using the Ghostscript library by default to process PostScript content are vulnerable.
“Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system.” reads the security advisory.
“By causing Ghostscript or a program that leverages Ghostscript to parse a specially-crafted file, a remote, unauthenticated attacker may be able to execute arbitrary commands with the privileges of the Ghostscript code.”
Both RedHat and Ubuntu distros have confirmed that they are affected by this vulnerability.
Ormandy recommends Linux distros to disable the processing of PS, EPS, PDF, and XPS content until the vulnerability is fixed.
“I *strongly* suggest that distributions start disabling PS, EPS, PDF and XPS coders in policy.xml by default,” suggested Ormandy.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.