GhostScript RCE (Remote Code Execution)
Description
Multiple critical vulnerabilities exist in Ghostscript, an interpreter for PostScript and PDF files, that allow remote code execution when processing maliciously crafted documents or images. These vulnerabilities were discovered by Google Project Zero researcher Tavis Ormandy and affect numerous applications that rely on Ghostscript for document processing, including ImageMagick, Evince, GIMP, and various web-based file conversion services. Attackers can exploit these flaws by submitting specially crafted PostScript, EPS, PDF, or image files that bypass Ghostscript's security sandbox mechanisms.
Remediation
Immediately apply the following mitigations to protect against Ghostscript RCE vulnerabilities:
1. Update Ghostscript: Upgrade to the latest stable version of Ghostscript that includes security patches for CVE-2016-3714 and related vulnerabilities.
2. Disable Vulnerable Coders in ImageMagick: If using ImageMagick, edit the policy.xml configuration file (typically located at /etc/ImageMagick-6/policy.xml or /etc/ImageMagick-7/policy.xml) and add the following restrictions before the final </policymap> tag:
<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="PS2" />
<policy domain="coder" rights="none" pattern="PS3" />
<policy domain="coder" rights="none" pattern="EPS" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />
3. Implement File Type Validation: Validate uploaded files using multiple methods including magic byte verification, not just file extensions. Reject files that match PostScript or PDF signatures if they are not required by your application.
4. Apply Principle of Least Privilege: Ensure the web server and image processing services run with minimal system privileges using dedicated service accounts with restricted permissions.
5. Use Sandboxing: Deploy containerization (Docker, LXC) or sandboxing technologies to isolate file processing operations from critical system resources.
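For step 3, a content-based check, shown as an added example that is not part of the original advisory: it classifies an upload by its leading bytes (PostScript, binary EPS, PDF) regardless of the file extension. The function names, the 1024-byte scan window and the sample byte strings are assumptions made for illustration.

```python
import io

# Leading-byte signatures of formats that end up in Ghostscript.
PS_MAGIC = b"%!"                     # "%!PS-Adobe-..." (PostScript and text EPS)
PDF_MAGIC = b"%PDF-"
DOS_EPS_MAGIC = b"\xc5\xd0\xd3\xc6"  # binary EPS wrapper that carries a preview image
UTF8_BOM = b"\xef\xbb\xbf"
SCAN_WINDOW = 1024                   # assumption: lenient PDF readers find the header this far in


def classify_ghostscript_input(head: bytes):
    """Return 'postscript', 'eps-binary', 'pdf' or None for a file's first bytes."""
    window = head[:SCAN_WINDOW]
    if window.startswith(DOS_EPS_MAGIC):
        return "eps-binary"
    text = window[len(UTF8_BOM):] if window.startswith(UTF8_BOM) else window
    # Skip whitespace, NULs and the Ctrl-D some printer drivers prepend.
    text = text.lstrip(b" \t\r\n\x00\x04\x0c")
    if text.startswith(PS_MAGIC):
        return "postscript"
    # Substring match fails closed: junk before "%PDF-" does not hide the file.
    if PDF_MAGIC in window:
        return "pdf"
    return None


def is_rejected_upload(stream, allow=()):
    """True when the content is PostScript/EPS/PDF and that kind is not in `allow`."""
    head = stream.read(SCAN_WINDOW)
    stream.seek(0)  # leave the stream usable for the real parser
    kind = classify_ghostscript_input(head)
    return kind is not None and kind not in allow


# Constructed sample inputs; the extension in each name is deliberately misleading.
SAMPLES = {
    "photo.jpg": b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\n",
    "logo.png": b"\xc5\xd0\xd3\xc6\x1e\x00\x00\x00",
    "scan.gif": b"\n\n%PDF-1.7\n1 0 obj\n",
    "real.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify_ghostscript_input(data), is_rejected_upload(io.BytesIO(data)))
```

Run this check before the file reaches any converter, and pass `allow=("pdf",)` only where the application genuinely needs PDF input.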