Critical Remote Code Execution Vulnerability in Ghostscript: PoC Released

August 14, 2023

Proof-of-concept (PoC) exploit code for a recently disclosed severe security vulnerability in Ghostscript, an open-source PDF library, is now available. The vulnerability, tracked as CVE-2023-36664, is a remote code execution flaw with a high severity score of 9.6. It allows a remote attacker to execute malicious operations using a specially crafted file. The defense mechanisms against this exploit are inadequate, which is alarming given Ghostscript's extensive use across numerous Linux distributions and software, including LibreOffice, GIMP, Inkscape, Scribus, ImageMagick, and the CUPS printing system.

CVE-2023-36664 is primarily associated with operating system pipes, which facilitate data exchange between different applications. It originates in a specific Ghostscript function, 'gp_file_name_reduce()', which combines multiple paths and simplifies them by eliminating relative path references. If a specially crafted path is fed to this vulnerable function, it bypasses the validation mechanisms and paves the way for potential exploitation.

Further compounding the issue, Ghostscript's method of opening a file involves another function, 'gp_validate_path', to verify the safety of the location. However, the vulnerable function alters the location details before this safety check, enabling an attacker to exploit the loophole and force Ghostscript to interact with files in locations that should be off-limits.

The PoC exploit for CVE-2023-36664 was developed by Ákos Jakab. It is triggered by opening a PS (PostScript) or EPS (Embedded PostScript) file in any application that uses Ghostscript. Users of Ghostscript are urged to update to the latest version, 10.01.2, which addresses the vulnerability. Ghostscript can be updated using your distribution's package manager. If the latest version is not available in your distribution's software repositories, it can be compiled from source, with instructions available on the Ghostscript website.
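To check hosts against the fixed release named above, the following shell sketch compares a Ghostscript version string with 10.01.2. It is an added example, not code from the article or the Ghostscript project; the function names and the sample version strings are constructed for illustration, and `gs --version` is the only Ghostscript command it relies on.

```shell
#!/bin/sh
# Added example (not from the article): flag Ghostscript versions older than
# the fixed release the article names. Caveat: distributions may backport the
# fix without changing the upstream version, so treat "older" as "verify".
FIXED_VERSION="10.01.2"

# num FIELD: print FIELD as plain decimal (empty -> 0, leading zeros dropped).
num() {
    n=${1:-0}
    while [ "${n#0}" != "$n" ] && [ "${#n}" -gt 1 ]; do n=${n#0}; done
    printf '%s' "$n"
}

# version_ge A B: 0 if dotted version A >= B, 1 if A < B,
# 2 if either string is empty or contains anything but digits and dots.
version_ge() {
    a=$1; b=$2
    case "$a" in ''|*[!0-9.]*) return 2 ;; esac
    case "$b" in ''|*[!0-9.]*) return 2 ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=$(num "${a%%.*}"); fb=$(num "${b%%.*}")
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# check_gs VERSION: print a verdict; exit status is that of version_ge.
check_gs() {
    rc=0
    version_ge "$1" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo "$1: at or above $FIXED_VERSION" ;;
        1) echo "$1: older than $FIXED_VERSION; update or confirm a backport" ;;
        *) echo "$1: unrecognised version string; check manually" ;;
    esac
    return "$rc"
}

# Constructed sample version strings, not taken from any real host.
for v in 9.56.1 10.01.1 10.1.2 10.02.0 "10.01.2~dfsg"; do
    check_gs "$v"
done

# On a real host, pass in what the installed binary reports.
if command -v gs >/dev/null 2>&1; then check_gs "$(gs --version)"; fi
```

Applications that bundle their own copy of Ghostscript will not be covered by checking the system `gs` binary and need to be inventoried separately.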

In addition to updating Ghostscript, users can protect themselves from this vulnerability by exercising caution when opening files from unfamiliar sources. If the safety of a file is uncertain, it is recommended to avoid opening it.
