Ghostscript Bug CVE-2023-36664: Rogue Documents Could Execute System Commands
July 4, 2023
Ghostscript, an open-source tool used for document composition and PDF file creation, has a bug that could allow malicious documents to run system commands. This software is frequently used behind the scenes by other programs, such as the open-source graphics program Inkscape, and is often preinstalled on systems or incorporated into cloud services.
The bug, known as CVE-2023-36664, was present until the recent release of Ghostscript version 10.01.2. It arose from Ghostscript's handling of filenames for output, which could be manipulated to send the output into a pipe rather than a regular file. This could trick the Ghostscript rendering engine into executing system commands.
A pipe is a system object that behaves like a file: a program can write data to it as if it were writing to disk, but the data never ends up on the disk. Instead, it is held in a temporary block of memory, which makes pipes useful for sending data from one program to another. The risk arises when software accepts a filename with a special form that denotes a pipeline instead of a file, because opening that name can start a command.
Ghostscript had such a feature: output could be sent to a specially formatted filename starting with %pipe% or |, which could launch a command on the victim's computer. The issue was addressed in the latest release, but it highlights the need for careful handling of filenames and outputs in software development.
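A service that hands caller-supplied output names to Ghostscript can reject the pipe forms described above before the renderer sees them, and can check the installed version against the fixed release. The following is an added example, not code from the article or from the Ghostscript project; the function names, the base-directory confinement and the sample inputs are assumptions made for illustration.

```python
import os

# Name forms the article says select a pipe instead of a regular file.
PIPE_PREFIXES = ("%pipe%", "|")
# 10.01.2 is the fixed release named in the article.
PATCHED = (10, 1, 2)


def is_pipe_name(name: str) -> bool:
    """True if an output name uses one of the pipe forms."""
    candidate = name.strip().lower()
    # Conservative choice (assumption): flag %pipe% anywhere in the name,
    # not only at the start.
    return candidate.startswith(PIPE_PREFIXES) or "%pipe%" in candidate


def safe_output_path(name: str, base_dir: str) -> str:
    """Return an absolute path inside base_dir, or raise ValueError."""
    if is_pipe_name(name):
        raise ValueError(f"pipe-style output name rejected: {name!r}")
    base = os.path.realpath(base_dir)
    full = os.path.realpath(os.path.join(base, name))
    # Reject empty names and anything that resolves outside base_dir.
    if full == base or os.path.commonpath([base, full]) != base:
        raise ValueError(f"output name escapes {base!r}: {name!r}")
    return full


def is_patched(version: str) -> bool:
    """Compare a version string such as '10.01.2' with the fixed release."""
    return tuple(int(p) for p in version.strip().split(".")) >= PATCHED


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the article.
    samples = ["report.pdf", "%pipe%placeholder", "| placeholder", "../out.pdf"]
    for name in samples:
        try:
            print("accept", safe_output_path(name, "render-out"))
        except ValueError as err:
            print("reject", err)
    for version in ["9.56.1", "10.01.1", "10.01.2"]:
        print(version, "patched" if is_patched(version) else "needs update")
```

Validation of this kind complements upgrading to the fixed release and does not replace it.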