Описание
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to arbitrary code execution with the privileges of the Ghostscript process on the system.
Меры по смягчению последствий
Passing the -dSAFER safety argument on the command line prevents the issue by locking security-related variables after Ghostscript’s initialization. In RHEL 9, -dSAFER is enabled by default, ensuring that insecure commands are rejected in a safer environment. This mitigation is equally effective in RHEL 7 and 8 when -dSAFER is explicitly passed on the command line, addressing the vulnerability that allows insecure commands within PostScript files. Since the OPVP device, cannot be removed, we recommend to use -dSAFER in RHEL 7 and 8 as a practical security measure.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | ghostscript | Not affected | ||
| Red Hat Enterprise Linux 6 | ghostscript | Out of support scope | ||
| Red Hat Enterprise Linux 8 | gimp:flatpak/ghostscript | Affected | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | ghostscript | Fixed | RHSA-2024:4549 | 15.07.2024 |
| Red Hat Enterprise Linux 8 | ghostscript | Fixed | RHSA-2024:4000 | 20.06.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | ghostscript | Fixed | RHSA-2024:4537 | 15.07.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | ghostscript | Fixed | RHSA-2024:4544 | 15.07.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | ghostscript | Fixed | RHSA-2024:4544 | 15.07.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | ghostscript | Fixed | RHSA-2024:4544 | 15.07.2024 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | ghostscript | Fixed | RHSA-2024:4462 | 10.07.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib ...
EPSS
8.8 High
CVSS3