Security News > 2023 > July > Critical RCE found in popular Ghostscript open-source PDF library
Ghostscript, an open-source interpreter for PostScript language and PDF files widely used in Linux, has been found vulnerable to a critical-severity remote code execution flaw.
The flaw is tracked as CVE-2023-3664, having a CVSS v3 rating of 9.8, and impacts all versions of Ghostscript before 10.01.2, which is the latest available version released three weeks ago.
When Ghostscript attempts to open a file, it uses another function called "Gp validate path" to check if its location is safe.
Since the vulnerable function changes the location details before that second function's check, it's trivial for an attacker to exploit the loophole and force Ghostscript to deal with files in locations that should be off-limits.
Kroll's analysts created a PoC that is triggered by opening an EPS file on any application using Ghostscript.
If the latest Ghostscript has not been made available yet on your distribution's software channels, it is recommended to compile it from the source code.
News URL
Related news
- Admins better Spring into action over latest critical open source vuln (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-25 | CVE-2023-3664 | Unspecified vulnerability in Fileorganizer 1.0.0/1.0.1/1.0.2 The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. | 7.2 |