Security News > 2023 > July > Critical RCE found in popular Ghostscript open-source PDF library
Ghostscript, an open-source interpreter for PostScript language and PDF files widely used in Linux, has been found vulnerable to a critical-severity remote code execution flaw.
The flaw is tracked as CVE-2023-3664, having a CVSS v3 rating of 9.8, and impacts all versions of Ghostscript before 10.01.2, which is the latest available version released three weeks ago.
When Ghostscript attempts to open a file, it uses another function called "Gp validate path" to check if its location is safe.
Since the vulnerable function changes the location details before that second function's check, it's trivial for an attacker to exploit the loophole and force Ghostscript to deal with files in locations that should be off-limits.
Kroll's analysts created a PoC that is triggered by opening an EPS file on any application using Ghostscript.
If the latest Ghostscript has not been made available yet on your distribution's software channels, it is recommended to compile it from the source code.
News URL
Related news
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-25 | CVE-2023-3664 | Unspecified vulnerability in Fileorganizer 1.0.0/1.0.1/1.0.2 The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. | 7.2 |