GhostScript RCE (Remote Code Execution)

Description
  • Tavis Ormandy, a Google Project Zero security researcher, has reported many vulnerabilities in Ghostscript, an interpreter for Adobe's PostScript and PDF page description languages. One of the vulnerabilities can lead to remote code execution (RCE) if the application is processing user-submitted images. The Ghostscript interpreter is used in many libraries that allow desktop software and web servers to handle PostScript and PDF-based documents. For example, Ghostscript is used inside ImageMagick, Evince, GIMP and other PDF editing or viewing software.
Remediation
  • For ImageMagick, it's recommended to disable PS, EPS, PDF and XPS coders in ImageMagick's policy.xml configuration file.
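The following is an added example, not part of the original advisory: a small Python check that parses an ImageMagick policy.xml and reports which of the Ghostscript-backed coders (PS, EPS, PDF, XPS) are still not denied. The two policy documents embedded in it are constructed samples (a weak policy beside the same policy with the remediation applied); brace patterns such as "{PS,EPS,PDF,XPS}" are expanded so the check also works with newer ImageMagick defaults.

```python
import re
import xml.etree.ElementTree as ET

# Coders the remediation says to disable, since all of them are handed to Ghostscript.
REQUIRED_DENIED = {"PS", "EPS", "PDF", "XPS"}


def _expand(pattern):
    """Expand ImageMagick's brace pattern, e.g. "{PS,EPS}" -> {"PS", "EPS"}."""
    m = re.fullmatch(r"\{([^}]*)\}", pattern.strip())
    items = m.group(1).split(",") if m else [pattern]
    return {p.strip().upper() for p in items if p.strip()}


def denied_coders(policy_xml):
    """Return the coder names that policy.xml denies outright (domain="coder", rights="none")."""
    root = ET.fromstring(policy_xml)
    denied = set()
    for pol in root.iter("policy"):
        if pol.get("domain") == "coder" and pol.get("rights", "").strip().lower() == "none":
            denied |= _expand(pol.get("pattern", ""))
    return denied


def missing_denials(policy_xml):
    """Return the Ghostscript-backed coders this policy still leaves enabled."""
    return REQUIRED_DENIED - denied_coders(policy_xml)


# Constructed sample: a policy that blocks only network-style coders, leaving PS/EPS/PDF/XPS enabled.
WEAK_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
</policymap>"""

# Constructed sample: the same policy with the recommended denials added.
HARDENED_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="none" pattern="XPS" />
</policymap>"""

if __name__ == "__main__":
    for name, xml in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        left = missing_denials(xml)
        print(f"{name}: {'OK' if not left else 'still enabled: ' + ', '.join(sorted(left))}")
```

To check a live install, read the policy file ImageMagick actually loads (the path is printed by `convert -list policy` or `identify -list policy`) and pass its contents to `missing_denials`.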
References