A PoC exploit for a fresh vulnerability in Ghostscript was presented this week. The issue endangers all servers using this component.
The exploit was published by a Vietnamese information security specialist who is known online under the pseudonym Nguyen The Duc. The code is already available on GitHub, and the effectiveness of the exploit has been confirmed by several leading researchers.
— Will Dormann (@wdormann) September 5, 2021
Ghostscript, which dates back to 1988, is a small library that allows applications to process PDF documents and PostScript-based files. While Ghostscript is primarily used in desktop software, it is also used on the server side as it is often included in image converting and file uploading toolkits such as ImageMagick.
The exploit introduced this week allows an attacker to download a malformed SVG file that escapes the image processor and runs malicious code on the underlying OS.
Interestingly, the vulnerability for which the exploit was created was not discovered by Nguyen The Duc. The credit goes to Emil Lerner, CTO and founder of Wunderfund, who found the bug last year and used it to get rewards from companies like Airbnb, Dropbox and Yandex. Details of the vulnerability went public last month after Lerner gave a talk at the ZeroNight conference.
Additionally, the researcher shared a link to his presentation.
The Record reports that there is still no patch for this vulnerability, moreover, the Artifex company, which is behind the development of Ghostscript, reported that no one had officially notified it about this problem. The company said that it is “more and more frustrated with cybersecurity researchers who neglect the ethical disclosure of potentially dangerous security vulnerabilities,” and promised to release a fix as soon as possible.
Let me remind you that we also admitted that the GitHub Developers Review Exploit Posting Policy Due to Recent Scandal.