Summary: Ghostscript has released a critical security update (version 10.04.0) addressing multiple vulnerabilities that could lead to remote code execution. These vulnerabilities, stemming from coding errors in handling PostScript and PDF files, pose significant risks to users and systems that utilize Ghostscript for document processing.
Threat Actor: Malicious actors | malicious actors
Victim: Ghostscript users | Ghostscript users
Key Point :
- Multiple critical vulnerabilities in Ghostscript could allow remote code execution through specially crafted PostScript or PDF files.
- Key vulnerabilities include CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954, CVE-2024-46955, and CVE-2024-46956, related to unchecked pointers, buffer overflows, and directory traversal.
- Users are strongly urged to update to version 10.04.0 or later to mitigate exploitation risks.
Popular document rendering engine Ghostscript has released a critical security update addressing multiple vulnerabilities, some of which could lead to remote code execution.
Ghostscript, a widely used interpreter for PostScript and PDF files, has patched a series of security flaws in its latest release, version 10.04.0. The vulnerabilities stem from various coding errors within Ghostscript’s handling of different file formats and data structures. These errors can be exploited by malicious actors crafting specially designed PostScript or PDF files, which, when processed by a vulnerable version of Ghostscript, could trigger the flaws and allow for code execution or information disclosure.
Among the most serious vulnerabilities are:
-
CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, and CVE-2024-46956: These flaws could allow an attacker to execute arbitrary code by exploiting issues related to unchecked pointers, buffer overflows, and out-of-bounds data access. These vulnerabilities exist in various components of Ghostscript, including the PostScript interpreter and PDF handling modules.
CVE-2024-46954: This vulnerability involves overlong UTF-8 encoding and could be exploited to achieve directory traversal, potentially granting attackers access to sensitive files.
CVE-2024-46955: This flaw, while less severe, could lead to an out-of-bounds read, potentially revealing sensitive information.
Given Ghostscript’s role in processing PDF and PostScript files across various applications, these vulnerabilities underscore the critical need for secure document handling, particularly in environments that process external or user-submitted files. The risks associated with arbitrary code execution, path traversal, and buffer overflow vulnerabilities make Ghostscript an attractive target for malicious actors seeking to leverage document-processing vulnerabilities to breach systems.
Users of Ghostscript are strongly urged to update to version 10.04.0 or later to mitigate the risk of exploitation.