PoC exploit published for fresh vulnerability in Ghostscript


A PoC exploit for a fresh vulnerability in Ghostscript was presented this week. The issue endangers all servers using this component.

The exploit was published by a Vietnamese information security specialist who is known online under the pseudonym Nguyen The Duc. The code is already available on GitHub, and the effectiveness of the exploit has been confirmed by several leading researchers.

Ghostscript, which dates back to 1988, is a small library that allows applications to process PDF documents and PostScript-based files. While Ghostscript is primarily used in desktop software, it is also used on the server side as it is often included in image converting and file uploading toolkits such as ImageMagick.

The exploit introduced this week allows an attacker to upload a malformed SVG file that escapes the image processor and runs malicious code on the underlying OS.
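Because the file reaches Ghostscript through an image converter, one way to reduce exposure on an upload endpoint is to decide by file content rather than file name. The sketch below is an added example, not code from the article or the exploit. It assumes a service that only needs PNG, JPEG and GIF, the names `ALLOWED`, `sniff_upload` and `accept_upload` are hypothetical, and all sample bytes are constructed.

```python
# Added example (not from the article or the exploit): decide on content, not file name.
# ALLOWED and the function names are hypothetical; all sample bytes are constructed.

# Raster formats this hypothetical upload endpoint accepts, with their magic bytes.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Headers of the PostScript and PDF input that Ghostscript processes.
GS_HEADERS = (b"%!PS", b"%PDF-")


def sniff_upload(data: bytes) -> str:
    """Label an upload by its leading bytes; the label is for logging."""
    for name, magics in ALLOWED.items():
        if data.startswith(magics):
            return name
    # Skip a UTF-8 BOM and leading whitespace before looking at text formats.
    head = data[:1024].lstrip(b"\xef\xbb\xbf \t\r\n")
    if head.startswith(GS_HEADERS):
        return "postscript-or-pdf"
    if head.startswith(b"<") and b"<svg" in head.lower():
        return "svg"
    return "unknown"


def accept_upload(data: bytes) -> bool:
    """Allowlist decision: anything that is not a known raster format is refused."""
    return sniff_upload(data) in ALLOWED


# Constructed samples: a benign SVG and an EPS header, as if uploaded as "avatar.png".
SVG_AS_PNG = b'\xef\xbb\xbf<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg"/>'
EPS_AS_JPG = b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 1 1\n"
REAL_PNG = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"

if __name__ == "__main__":
    for label, blob in [("svg", SVG_AS_PNG), ("eps", EPS_AS_JPG), ("png", REAL_PNG)]:
        print(label, sniff_upload(blob), accept_upload(blob))
```

The decision is the allowlist in `accept_upload`; the `svg` and `postscript-or-pdf` labels only make rejected uploads easier to spot in logs.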

Interestingly, the vulnerability for which the exploit was created was not discovered by Nguyen The Duc. The credit goes to Emil Lerner, CTO and founder of Wunderfund, who found the bug last year and used it to get rewards from companies like Airbnb, Dropbox and Yandex. Details of the vulnerability went public last month after Lerner gave a talk at the ZeroNights conference.

“Here’re slides from my talk at ZeroNights X! A 0-day for GhostScript 9.50, RCE exploit chain for ImageMagick with the default settings from Ubuntu repos and several bug bounty stories inside,” Emil Lerner wrote on Twitter.

Additionally, the researcher shared a link to his presentation.

The Record reports that there is still no patch for this vulnerability. Moreover, Artifex, the company behind the development of Ghostscript, reported that no one had officially notified it about this problem. The company said that it is “more and more frustrated with cybersecurity researchers who neglect the ethical disclosure of potentially dangerous security vulnerabilities,” and promised to release a fix as soon as possible.

Let me remind you that we also reported that GitHub developers are reviewing their exploit posting policy due to a recent scandal.

By Vladimir Krasnogolovy
