Ghostscript vulnerabilities

Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, according to an NCCIC security alert.

Applications that leverage Ghostscript, such as ImageMagick, could be remotely exploited by an unauthenticated attacker to execute arbitrary commands and gain control of vulnerable systems.

The threat as described by the National Cybersecurity & Communications Integration Center (NCCIC):

“Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript operations. Multiple PostScript operations bypass the protections provided by -dSAFER, which can allow an attacker to execute arbitrary commands with arbitrary arguments. This vulnerability can also be exploited in applications that leverage Ghostscript, such as ImageMagick.”

There is no long term, practical solution for the issue. However, a workaround is recommended to disable the processing of PS, EPS, PDF, and XPS content coders in ImageMagick policy.xml, according to the advisory.

Multiple vendors are affected to include: Artifex Software, Inc., ImageMagick, Red Hat, Inc., and Ubuntu. Multiple others are still unknown as of Wednesday.

Leave a Reply