Ghostscript Vulnerability Could Cause Data Security Breach

A vulnerability in the Ghostscript interpreter used to decipher Adobe Postscript and PDF documents online has come to light after a report by a Google security researcher, Tavis Ormandy, and a bothersome statement by Steve Giguere, an EMEA engineer for Synopsis. As the Ghostcript page descriptive language interpreter is the most commonly employed system in numerous programs and databases, this vulnerability has a mass range of exploit and impact if manipulated.

According to the statement released by Giguere, Ghostscript is an impressively widely adopted interpretation system used in local applications as well as online servers and data management clients to decipher Adobe PostScript and PDF formats. The packages GIMP and ImageMagick for example he notes are integral to web development especially in the context of PDF.

If the associated vulnerability discovered with Ghostscript is exploited, it lends itself to a violation of privacy and a serious data breach through which malicious attackers can gain access to private files. Giguere says that “This Ghostscript exploit is a premium example of cascading dependencies on open source software packages, where the dependency of a core component may not be easily upgraded.  Even when a CVE is associated with something like this, and a fix available, there will be a secondary delay whilst packages which incorporate this into their own software like ImageMagick release a version with a fix.”

According to Giguere, this causes second tier delay as mitigation of this depends directly upon authors resolving the issue at its core as soon as it arises, firstly, but that on its own is no use if these resolved components are not uploaded to the web servers and applications that make use of them. The issues must be resolved at the core and then updated where they are directly being used for the sake of effective mitigation. As this is a two step process, it could provide malicious attackers with all the time that they need to exploit this type of vulnerability.

Mitigation tips as of yet stand from Giguere to be: “In the short term, the advice to start disabling PS, EPS, PDF and XPS coders by default is the only defence – until a fix is available.  Until then, lock your doors and maybe read paper copies!”

Aaron Michael
Aaron Micheal is an electrical engineer by profession and a hard-core gamer by passion. His exceptional experience with computer hardware and profound knowledge in gaming makes him a very competent writer. What makes him unique is his growing interest in the state of the art technologies that motivates him to learn, adopt, and integrate latest techniques into his work.

Expert Tip

Ghostscript Vulnerability Could Cause Data Security Breach

If the issue is with your Computer or a Laptop you should try using Restoro which can scan the repositories and replace corrupt and missing files. This works in most cases, where the issue is originated due to a system corruption. You can download Restoro by clicking the Download button below.

Download Now

I'm not interested