The IT researchers at Kroll have discovered a security vulnerability in Ghostscript that can lead to malicious code being launched when documents are opened. They have also developed a demo exploit (Proof of Concept, PoC) for this. IT managers should quickly install available security updates.
Ghostscript is popular software for displaying and creating Postscript or PDF files, and is particularly well known in the Linux environment. Various programs, such as CUPS, LibreOffice, Inkscape, Scribus, and ImageMagick, use Ghostscript. Windows ports of these programs often come with a Windows version of Ghostscript.
In their analysis, the Kroll employees found that Ghostscript checks the rights of pipe devices, such as those that use %pipe% or the pipe character “|”, correctly. The bug occurs in Ghostscript versions prior to 10.01.2. Since the vulnerability can be exploited by opening prepared documents, caution should be exercised when receiving unsolicited files. Administrators and users should update Ghostscript to the latest version. Debian and other distributions offer bugfixed packages. Kroll also recommends software vendors that include Ghostscript to release updated versions.
Users of programs like ImageMagick, LibreOffice, Inkscape, Scribus, and others should also be on the lookout for software updates and install them as soon as possible. This vulnerability highlights the security issues that can arise in the software supply chain. IT managers can find more information on how to identify and defend against attacks on the software supply chain in an iX article.
