Page 1 of 1

Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking

Posted: Thu Aug 23, 2018 12:11 pm
by colin_b ... ility.html
Google Project Zero's security researcher has discovered a critical remote code execution (RCE) vulnerability in Ghostscript—an open source interpreter for Adobe Systems' PostScript and PDF page description languages.

Written entirely in C, Ghostscript is a package of software that runs on different platforms, including Windows, macOS, and a wide variety of Unix systems, offering software the ability to convert PostScript language files (or EPS) to many raster formats, such as PDF, XPS, PCL or PXL.

A lot of popular PDF and image editing software, including ImageMagick and GIMP, use Ghostscript library to parse the content and convert file formats.


Ormandy advised Linux distributions to disable the processing of PS, EPS, PDF, and XPS content until the issue is addressed.