Critical RCE found in popular Ghostscript open-source PDF library

12-Jul-23

A critical-severity remote code execution vulnerability has been discovered in Ghostscript, a popular open-source interpreter for the PostScript language and PDF files that is widely used on Linux. The bug is tracked as CVE-2023-36664 and has a CVSS v3 rating of 9.8. It affects all versions of Ghostscript prior to 10.01.2, the most recent version, which was released three weeks ago.

Opening a malicious, specially crafted file can trigger code execution, according to Kroll’s experts G. Glass and D. Truman, who created a proof-of-concept (PoC) exploit for the vulnerability. Exposure to CVE-2023-36664 is broad, because Ghostscript is frequently preinstalled in Linux distributions and is used by programs such as LibreOffice, GIMP, Inkscape, Scribus, ImageMagick, and the CUPS printing system.
