Ghostscript Impacted by Multiple -dSAFER Sandbox Bypass Vulnerabilities
Unpatched vulnerabilities in Ghostscript impact a broad range of popular software products, including several Linux distributions, CERT/CC reveals in a Tuesday alert.
Ghostscript, a suite of software based on an interpreter for Adobe’s PostScript and PDF page description languages, is widely used across stand-alone and web applications, including packages such as GIMP and ImageMagick.
The same as other highly popular software out there, vulnerabilities in Ghostscript are valuable targets for both cybercriminals and threat actors, and such flaws have been already abused by North Korea-linked hackers.
Now, Google Project Zero security researcher Tavis Ormandy says that Ghostscript is impacted by multiple critical vulnerabilities and that “ImageMagick, Evince, GIMP, and most other PDF/PS tools” are impacted as well.
In addition to several -dSAFER sandbox escapes reported a few years ago, the popular interpreter is also impacted by “a few file disclosure, shell command execution, memory corruption and type confusion bugs,” the researcher says.
Although there is a -dSAFER option to prevent unsafe PostScript operations, there are numerous operations that bypass the protections provided by -dSAFER, thus allowing an attacker to execute arbitrary commands with arbitrary arguments, the CERT/CC warns.
In their alert, CERT/CC notes not only that there are multiple -dSAFER sandbox bypass vulnerabilities impacting Ghostscript, but also that these are inherited in all applications that leverage the interpreter. These flaws could be exploited by an unauthenticated attacker for remote command execution.
Artifex Software, ImageMagick, Red Hat, and Ubuntu products have been already found to be affected, but other products might be impacted as well. Thus, CERT/CC decided to warn all major software companies on the issue.
One solution to the issue, Ormandy notes, is to disable all the ghostscript coders in policy.xml. CERT/CC also advises the use of policy.xml security policy to disable the processing of PS, EPS, PDF, and XPS content.
“In the short term the advice for distribution to start disabling PS, EPS, PDF and XPS coders by default is the only defense until a fix is available,” Stephen Giguere, Sales Engineer at Synopsys, confirms in an emailed statement for SecurityWeek.
“Ghostscript is used pretty much everywhere and has been for a very long time. Packages like GIMP (a Photoshop alternative) but more important for web applications, ImageMagick are prevalent to the extent of being standard for the processing of PDF files. This exploit has the potential for file system access leading to sensitive data leak and more as it can be the beachhead opportunity for a more comprehensive data breach,” Giguere says.