Critical RCE found in popular Ghostscript open-source PDF library

A critical-severity remote code execution vulnerability has been discovered in Ghostscript, a popular Linux open-source interpreter for the PostScript language and PDF files. All versions of Ghostscript prior to 10.01.2, the most recent version released three weeks ago, are affected by the bug, which is tracked as CVE-2023-36664 and has a CVSS v3 rating of 9.8.

When a malicious, specially constructed file is opened, code execution can be initiated, according to Kroll’s experts G. Glass and D. Truman, who created a proof of concept (PoC) attack for the vulnerability. Opportunities to exploit CVE-2023-36664 are typically ample given that Ghostscript is frequently preinstalled in Linux distributions and utilised by programmes like LibreOffice, GIMP, Inkscape, Scribus, ImageMagick, and the CUPS printing system.

Critical RCE found in popular Ghostscript open-source PDF library

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Critical RCE found in popular Ghostscript open-source PDF library

12-Jul-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address