Latest Ghostscript vulnerability haunts experts as the next big breach enabler

04-July-24

Infosec circles are awash with chatter about a vulnerability in Ghostscript that some experts believe could be the cause of several major breaches in the coming months.



Ghostscript is a PostScript and Adobe PDF interpreter that lets users of *nix, Windows, macOS, and various embedded OSes and platforms view, print, and convert PDFs and image files. It is installed by default in many distros, and is also used indirectly by other packages to support printing or conversion operations. Tracked as CVE-2024-29510 (Tenable designated it CVSS 5.5 – medium), the format string bug was originally reported to the Ghostscript team in March, and later mitigated in April’s version 10.03.1 of the open source interpreter.



However, the blog of the researcher who discovered the flaw has sparked the first major wave of interest in the vulnerability since it became public.



Thomas Rinsma, lead security analyst at Dutch security shop Codean Labs, found a way to achieve remote code execution (RCE) on machines running Ghostscript after bypassing the -dSAFER sandbox.



“This vulnerability has significant impact on web applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood,” said Rinsma.



Here he’s referring to Ghostscript’s wide-ranging use across the web. Most commonly it’s found powering functionality such as preview images in cloud storage and chat programs, and is often invoked when these images are rendered. It’s also heavily used in tasks such as PDF conversion and printing, and can be found powering optical character recognition (OCR) workflows too.
