Security researchers expect the newly disclosed Ghostscript vulnerability to be exploited in the wild over the coming months.
Ghostscript is an interpreter for PostScript and PDF that lets users on Linux, Windows, macOS and many embedded platforms view, print and convert PDF and image files. Many Linux distributions install it by default, and a large number of software packages use it indirectly to provide printing or conversion features.
The bug is a format string vulnerability, tracked as CVE-2024-29510. It was reported to the Ghostscript maintainers earlier this year and fixed in version 10.03.1 of the open-source PostScript and PDF interpreter; earlier releases remain vulnerable, and gs --version reports which release is installed.
Interest in the bug surged after the researcher who found it published a write-up showing how it can be turned into remote code execution (RCE) on systems running Ghostscript by bypassing the interpreter's -dSAFER sandbox.
The write-up stresses that the vulnerability matters most for web applications and other services that offer document conversion or preview features, because these frequently run Ghostscript behind the scenes on user-supplied files.
Ghostscript's wide deployment makes exploitation attempts likely.
Many internet-facing platforms rely on Ghostscript, for example to generate preview images in cloud storage and chat services, and it is commonly invoked in image-generation, PDF conversion, printing and optical character recognition pipelines.
As Ghostscript's use grew, the project added sandboxing: the -dSAFER mode, enabled by default, restricts file access and blocks dangerous operations such as command execution. It is, however, a policy enforced inside the interpreter itself, not an operating-system sandbox, so a memory-safety bug in the interpreter can switch it off, which is what the published exploit does. Services that process untrusted documents should therefore isolate the Ghostscript process (a separate user, container or seccomp/AppArmor profile) rather than rely on -dSAFER alone.
Full technical details of the exploit are now public, including a downloadable proof-of-concept (PoC) for Linux (x86-64). In short, the format string bug gives an attacker read and write access to the interpreter's memory, which is enough to disable the -dSAFER restrictions and then execute arbitrary commands on the affected system.
The researchers caution, however, that the published PoC will not work unmodified on every system, because it depends on values such as stack and structure offsets that differ between builds and target systems.
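To make the bug class concrete, the following is an added example written for this article; it is not Ghostscript's code and does not reproduce the CVE-2024-29510 exploit. It models the general shape of the problem in a printer driver: a command template such as "\033*p%dX" is stored as a string and filled in with a coordinate at print time. When the template itself is attacker-controlled, snprintf() honours whatever conversions it contains, so "%p" leaks stack and register contents and "%n" writes an integer through a pointer taken from the argument list, which is the read/write primitive an exploit builds on. The function names, the template syntax and the sample inputs are invented for the example.

```c
/*
 * Added example: an uncontrolled format string in a printer-style command
 * template, beside a hardened version. Not Ghostscript's code; all names
 * and templates here are invented for illustration.
 *
 * Build: gcc -Wall -Wextra -Wformat=2 fmt_demo.c -o fmt_demo
 * (-Wformat=2 enables -Wformat-nonliteral, which flags the vulnerable call.)
 */
#include <stdio.h>
#include <string.h>

/* VULNERABLE: the template is passed straight to snprintf() as the format.
 * A legitimate template uses exactly one %d; a hostile one may use %p/%x
 * (read beyond the one real argument) or %n (write through a pointer). */
int render_move_vulnerable(char *out, size_t cap, const char *tmpl, int x)
{
    return snprintf(out, cap, tmpl, x);
}

/* Hardened check: allow only the conversions the driver actually needs
 * ("%d" and the escaped "%%") and require the number of %d conversions
 * to match the number of arguments the caller will supply. Width,
 * precision and length modifiers are rejected as well, deliberately.
 * Returns 1 if the template is acceptable, 0 otherwise. */
int template_is_safe(const char *tmpl, int expected_args)
{
    int args = 0;
    for (const char *p = tmpl; *p; p++) {
        if (*p != '%')
            continue;
        p++;                       /* look at the conversion character */
        if (*p == 'd')
            args++;
        else if (*p != '%')        /* %n %p %s %x %5d ... or a trailing '%' */
            return 0;
    }
    return args == expected_args;
}

/* Hardened renderer: refuse anything template_is_safe() rejects.
 * Returns the snprintf() result, or -1 if the template was rejected. */
int render_move_safe(char *out, size_t cap, const char *tmpl, int x)
{
    if (!template_is_safe(tmpl, 1))
        return -1;
    return snprintf(out, cap, tmpl, x);  /* only %d and %% reach snprintf now */
}

/* Convenience wrapper: renders into a static buffer and returns it,
 * or NULL when the template is rejected. */
const char *render_move_checked(const char *tmpl, int x)
{
    static char buf[64];
    if (render_move_safe(buf, sizeof buf, tmpl, x) < 0)
        return NULL;
    return buf;
}

int main(void)
{
    char buf[128];

    /* Legitimate template: both renderers produce the same escape sequence. */
    render_move_safe(buf, sizeof buf, "\033*p%dX", 42);
    printf("safe render (ESC omitted): %s\n", buf + 1);

    /* Hostile template: only one real argument was supplied, so every
     * conversion after the first reads whatever the variadic machinery
     * finds next in registers/stack. This is undefined behaviour in C
     * and is exactly the information leak an exploit starts from. */
    render_move_vulnerable(buf, sizeof buf, "%p %p %p %p", 42);
    printf("vulnerable render leaks: %s\n", buf);

    /* The hardened renderer refuses the same template (and would refuse "%n"). */
    printf("hardened renderer rejected it: %s\n",
           render_move_checked("%p %p %p %p", 42) == NULL ? "yes" : "no");
    return 0;
}
```

The validator is intentionally stricter than "no %n": any conversion the attacker can add beyond what the code supplies arguments for is a read of memory the program never meant to expose, so the check pins both the conversion type and the count. Ghostscript's own fix in 10.03.1 is the project's, not this code; the example only shows why a format string accepted from a document has to be treated as input to validate, not as a format.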