Cybersecurity Threat Advisory: RCE vulnerability in Ghostscript

A Ghostscript remote code execution (RCE) vulnerability, tracked as CVE-2024-29510 (with a CVSS rating of 5.5), is currently being exploited. This exploit can allow attackers to bypass the -dSAFER sandbox and execute code remotely. Review this Cybersecurity Threat Advisory to learn how to mitigate risks associated with this vulnerability.

What is the threat?

This vulnerability was originally discovered in March and was subsequently patched by the Ghostscript team in April with version 10.03.1 of their open-source interpreter. However, due to a flaw in uniprint, the “universal printer device”, outdated Ghostscript installations fail to detect or prevent changes to uniprint device argument strings once the sandbox is activated. Attackers can exploit the vulnerability to escape the -dSAFER sandbox and execute code remotely on these machines.

Why is it noteworthy?

Ghostscript is used in various applications that process user-supplied files on Windows, Linux, macOS, and other platforms. As a result of its widespread use, developers have implemented numerous sandboxing features to prevent its abuse. CVE-2024-29510 can significantly impact web applications and other services that use Ghostscript to offer document conversion and preview functionality.

What is the exposure or risk?

CVE-2024-29510 affects all Ghostscript installations at version 10.03.0 and earlier. Fortunately, this exploit won’t immediately work on every system because the exploit code makes assumptions about many factors, such as stack and structure offsets, which vary depending on the target system.

What are the recommendations?

Barracuda MSP recommends the following steps to mitigate the effects of the Ghostscript vulnerability:

  • Update any Ghostscript installation to the current version of 10.03.1.
  • Remove it from your production systems if updating Ghostscript is not an option.
  • If your distribution does not provide the latest Ghostscript version, it might have already released a patch containing the fix.
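
A version check for the first recommendation, as an added example that is not part of the original advisory: it classifies the string printed by `gs --version` against the fixed release 10.03.1. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a Ghostscript version string against the fixed
# release named in this advisory (10.03.1). Function names are hypothetical.

FIXED_VERSION="10.03.1"

# Prints "patched", "vulnerable" or "unknown" for a version string such as
# the one printed by `gs --version` (e.g. 9.55.0, 10.03.0, 10.03.1).
gs_version_status() {
    printf '%s\n' "$1" | awk -v fixed="$FIXED_VERSION" '
        # Accept only dotted numeric versions with 2 or 3 components.
        !/^[0-9]+\.[0-9]+(\.[0-9]+)?$/ { print "unknown"; exit }
        {
            n = split($0, have, "[.]"); split(fixed, want, "[.]")
            for (i = 1; i <= 3; i++) {
                h = (i <= n) ? have[i] + 0 : 0   # "03" compares as 3
                w = want[i] + 0
                if (h > w) { print "patched"; exit }
                if (h < w) { print "vulnerable"; exit }
            }
            print "patched"   # exactly the fixed release
        }'
}

# Report on the locally installed interpreter, if there is one.
check_local_gs() {
    if ! command -v gs >/dev/null 2>&1; then
        echo "gs not found on PATH"
        return 0
    fi
    ver=$(gs --version 2>/dev/null)
    result=$(gs_version_status "$ver")
    echo "Ghostscript $ver: $result"
    # A distribution may ship the fix in a patched package that keeps an
    # older upstream version number, so confirm a "vulnerable" result
    # against the package changelog before acting on it.
    return 0
}

check_local_gs
```
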

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.