Security News > 2023 > July > Critical RCE found in popular Ghostscript open-source PDF library
Ghostscript, an open-source interpreter for PostScript language and PDF files widely used in Linux, has been found vulnerable to a critical-severity remote code execution flaw.
The flaw is tracked as CVE-2023-3664, having a CVSS v3 rating of 9.8, and impacts all versions of Ghostscript before 10.01.2, which is the latest available version released three weeks ago.
When Ghostscript attempts to open a file, it uses another function called "Gp validate path" to check if its location is safe.
Since the vulnerable function changes the location details before that second function's check, it's trivial for an attacker to exploit the loophole and force Ghostscript to deal with files in locations that should be off-limits.
Kroll's analysts created a PoC that is triggered by opening an EPS file on any application using Ghostscript.
If the latest Ghostscript has not been made available yet on your distribution's software channels, it is recommended to compile it from the source code.
News URL
Related news
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- Open source worldwide: Critical maintenance gaps exposed (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-25 | CVE-2023-3664 | Unspecified vulnerability in Fileorganizer 1.0.0/1.0.1/1.0.2 The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. | 7.2 |