Ghostscript Bug CVE-2023-36664: Rogue Documents Could Execute System Commands

July 4, 2023

Ghostscript, an open-source tool used for document composition and PDF file creation, has a bug that could allow malicious documents to run system commands. This software is frequently used behind the scenes by other programs, such as the open-source graphics program Inkscape, and is often preinstalled on systems or incorporated into cloud services.

The bug, known as CVE-2023-36664, was present until the recent release of Ghostscript version 10.01.2. It arose from Ghostscript's handling of filenames for output, which could be manipulated to send the output into a pipe rather than a regular file. This could trick the Ghostscript rendering engine into executing system commands.

Pipes are system objects that act like files: data can be written to them as if to a disk, but it never actually ends up on the disk. Instead, it is held in a temporary block of memory, which makes pipes useful for sending data from one program to another. The risk arises when software accepts a filename with a special form that denotes a pipeline instead of a file, because opening that name could start a command.

Ghostscript had such a feature, allowing output to be sent to a specially-formatted filename starting with %pipe% or |, which could potentially launch a command on the victim's computer. This issue was addressed in the latest release, but it highlights the need for careful handling of filenames and outputs in software development.
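One way to apply the filename-handling point above, as an added example that is not code from Ghostscript or from any program named in this article. It assumes a Python service that builds a `gs` command line from a caller-supplied output name; `is_pipe_target`, `resolve_output`, `gs_argv`, the output directory and the sample names are hypothetical. It covers only names the wrapper itself passes on, so it sits alongside running version 10.01.2 or later.

```python
import os

# Prefixes the article names as selecting a pipe instead of a regular file.
PIPE_PREFIXES = ("%pipe%", "|")


def is_pipe_target(name):
    """True if an output name starts with a pipe prefix.

    Leading whitespace and letter case are ignored as a conservative
    assumption, so near-miss spellings are rejected as well.
    """
    return name.lstrip().lower().startswith(PIPE_PREFIXES)


def resolve_output(name, out_dir):
    """Map a caller-supplied name to an absolute path inside out_dir."""
    if "\x00" in name or is_pipe_target(name):
        raise ValueError("rejected output name: %r" % name)
    base = os.path.realpath(out_dir)
    path = os.path.realpath(os.path.join(base, name))
    # Absolute names and ../ sequences resolve outside base and are refused.
    if path == base or os.path.commonpath([base, path]) != base:
        raise ValueError("output escapes %s: %r" % (out_dir, name))
    return path


def gs_argv(input_pdf, name, out_dir):
    """Build an argument list (no shell) for a PDF-to-PDF Ghostscript run."""
    out = resolve_output(name, out_dir)
    # The resolved path is absolute, so the value after -sOutputFile=
    # can never begin with "|" or "%pipe%".
    return ["gs", "-dBATCH", "-dNOPAUSE", "-sDEVICE=pdfwrite",
            "-sOutputFile=" + out, os.path.abspath(input_pdf)]


if __name__ == "__main__":
    # Constructed sample names, not taken from any real incident.
    for sample in ["report.pdf", "page-%03d.pdf", "%pipe%lp", "| lp", "../x.pdf"]:
        try:
            print("ok      ", gs_argv("in.pdf", sample, "/tmp/gs-out")[-2])
        except ValueError as exc:
            print("rejected", exc)
```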
