A vulnerability in the Ghostscript interpreter used to decipher Adobe Postscript and PDF documents online has come to light after a report by a Google security researcher, Tavis Ormandy, and a bothersome statement by Steve Giguere, an EMEA engineer for Synopsis. As the Ghostcript page descriptive language interpreter is the most commonly employed system in numerous programs and databases, this vulnerability has a mass range of exploit and impact if manipulated.
According to the statement released by Giguere, Ghostscript is an impressively widely adopted interpretation system used in local applications as well as online servers and data management clients to decipher Adobe PostScript and PDF formats. The packages GIMP and ImageMagick for example he notes are integral to web development especially in the context of PDF.
If the associated vulnerability discovered with Ghostscript is exploited, it lends itself to a violation of privacy and a serious data breach through which malicious attackers can gain access to private files. Giguere says that “This Ghostscript exploit is a premium example of cascading dependencies on open source software packages, where the dependency of a core component may not be easily upgraded. Even when a CVE is associated with something like this, and a fix available, there will be a secondary delay whilst packages which incorporate this into their own software like ImageMagick release a version with a fix.”
According to Giguere, this causes second tier delay as mitigation of this depends directly upon authors resolving the issue at its core as soon as it arises, firstly, but that on its own is no use if these resolved components are not uploaded to the web servers and applications that make use of them. The issues must be resolved at the core and then updated where they are directly being used for the sake of effective mitigation. As this is a two step process, it could provide malicious attackers with all the time that they need to exploit this type of vulnerability.
Mitigation tips as of yet stand from Giguere to be: “In the short term, the advice to start disabling PS, EPS, PDF and XPS coders by default is the only defence – until a fix is available. Until then, lock your doors and maybe read paper copies!”