Description

Tavis Ormandy, a Google Project Zero security researcher, has reported many vulnerabilities in Ghostscript, an interpreter for Adobe's PostScript and PDF page description languages. One of the vulnerabilities can lead to remote code execution (RCE) if the application is processing user submitted images. The Ghostscript interpreter is used in many libraries that allow desktop software and web servers to handle PostScript and PDF-based documents. For example, Ghostscript is used inside ImageMagick, Evince, GIMP and other PDF editing or viewing software.

Remediation

For ImageMagick, it's recommended to disable PS, EPS, PDF and XPS coders in ImageMagick's policy.xml configuration file.

References

More Ghostscript Issues

ghostscript: multiple critical vulnerabilities, including remote command execution

Related Vulnerabilities

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Remote Code Execution (2.05.01)

PHP unserialize() used on user input

Grav CMS Unauthenticated RCE (CVE-2021-21425)

PHP4 multiple vulnerabilities

TimThumb WebShot remote code execution

Severity

Critical

Classification

CVE-2016-3714 CWE-78 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Acumonitor