Security Affairs
INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A critical remote code execution flaws in Ghostscript could allow to completely take over affected system

The popular Google Project Zero white hat hacker Tavis Ormandy has found a critical remote code execution (RCE) vulnerability in Ghostscript. Ghostscript is an open source suite of software based on an interpreter for Adobe Systems’ PostScriptand Portable Document Format (PDF) page description languages. Ghostscript is a multiplatform software written in C language, it allows to convert PostScript language files (or EPS) to […]

ghostscript

The popular Google Project Zero white hat hacker Tavis Ormandy has found a critical remote code execution (RCE) vulnerability in Ghostscript.

Ghostscript is an open source suite of software based on an interpreter for Adobe Systems’ PostScriptand Portable Document Format (PDF) page description languages.

Ghostscript is a multiplatform software written in C language, it allows to convert PostScript language files (or EPS) to several raster formats (i.e. PDF, XPS, PCL or PXL).

Many PDF and image editing software such as GIMP and ImageMagick leverage the library to convert file formats.

Ghostscript implements a -dSAFER sandbox protection option that handles untrusted documents, it aims at preventing malicious PostScript operations from being executed.

A couple of years ago, Ormandy disclosed several -dSAFER sandbox escapes in the popular library, at the time he found a few file disclosure, shell command execution, memory corruption and type confusion bugs.

Now Ormandy discovered that the library contains multiple -dSAFER sandbox bypass flaws that could be exploited by a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system.

A remote attacker can trigger the flaw by sending a specially crafted malicious file (i.e. PDF, PS, EPS, or XPS) to the victim. Once the victim has opened the file with an application using vulnerable software, the attacker will be able to execute arbitrary code of the system and to take over it.

Artifex Software, the company that maintains the open source software still hasn’t released any security update to address the vulnerability.

The US-CERT published a security advisory to warn that applications using the Ghostscript library by default to process PostScript content are vulnerable.

“Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system.” reads the security advisory.

“By causing Ghostscript or a program that leverages Ghostscript to parse a specially-crafted file, a remote, unauthenticated attacker may be able to execute arbitrary commands with the privileges of the Ghostscript code.”

ghostscript

Both RedHat and Ubuntu distros have confirmed that they are affected by this vulnerability.

Ormandy recommends Linux distros to disable the processing of PS, EPS, PDF, and XPS content until the vulnerability is fixed.

“I *strongly* suggest that distributions start disabling PS, EPS, PDF and XPS coders in policy.xml by default,” suggested Ormandy.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – RCE, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]