Skip to main content

GhostScript dSAFER Sandbox Bypass Vulnerabilities

Security researchers have discovered vulnerabilities that can bypass the optional dSAFER sandbox feature in GhostScript, which could give attackers an opportunity to achieve remote code execution on a target system.
Threat ID:
CC-2629
Category:
Exploit
Threat Severity:
Medium
Threat Vector:
Vulnerability
Published:
23 August 2018 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Security researchers have discovered vulnerabilities that can bypass the optional dSAFER sandbox feature in GhostScript, which could give attackers an opportunity to achieve remote code execution on a target system.

Threat details

GhostScript is a software suite that renders PostScript (PS) and PDF documents. The dSAFER feature is intended to prevent unsafe PS operations, however multiple operations have been found to bypass dSAFER protections. These operations could be embedded within a specially-crafted file.

The vulnerabilities can be exploited in GhostScript itself and in applications that utilise GhostScript such as ImageMagick and GraphicsMagick.

Remediation steps

Type Step
  • There is currently no patch available to address this vulnerability, however, if the processing of PS, EPS, PDF and XPS content is not required, some applications have configuration options or security policies that can disable this feature altogether.
  • GhostScript and applications that use GhostScript should be kept up-to-date with future patches that may be released.

Last edited: 17 February 2020 12:43 pm