Latest Ghostscript vulnerability haunts experts as the next big breach enabler

2024-07-05 12:34

Infosec circles are awash with chatter about a vulnerability in Ghostscript some experts believe could be the cause of several major breaches in the coming months.

Ghostscript is a Postscript and Adobe PDF interpreter that lets users of *nix, Windows, MacOS, and various embedded OSes and platforms view, print, and convert PDFs and image files.

Tracked as CVE-2024-29510, the format string bug was originally reported to the Ghostscript team in March, and later mitigated in April's version 10.03.1 of the open source interpreter for PostScript and PDF files.

Thomas Rinsma, lead security analyst at Dutch security shop Codean Labs, found a way to achieve remote code execution on machines running Ghostscript after bypassing the -dSAFER sandbox.

As Ghostscript became more popular, the dev team behind the project made the call to implement increasingly hardened sandboxing capabilities, Rinsma added.

"Comparing this to CVE-2023-36664, an earlier GhostScript RCE, which was listed as high risk for integrity, availability, and confidentiality, it seems more correct for an RCE," said Robinson.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/05/ghostscript_vulnerability_severity/

#breach #ghostscript #vulnerability #CVE-2023-36664 #CVE-2024-29510

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-03	CVE-2024-29510	Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.	0.0
2023-06-25	CVE-2023-36664	Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the \| pipe character prefix). local low complexity artifex debian fedoraproject	7.8