Monday, August 21, 2023

PDFCreator hit the Ghostscript 9.8/10 RCE vulnerability (CVE-2023-36664) - it just release 5.1.2 on 21 Aug 2023 to fix this issue (Very fast)

Background:

In 13 Jul 2023, Security researchers have discovered a critical vulnerability (CVE-2023-36664) in Ghostscript, an open-source interpreter for PostScript language and PDF files widely used in Linux and Windows's Open Source application. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

 

In 14 Aug 2023, the POC of this vulnerability have been released. https://github.com/jakabakos/CVE-2023-36664-Ghostscript-command-injection?s=03 

 

(Basically all PDF Printer using Ghostscript will hit this vulnerability unless it is using 10.01.2)

 

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code through a specially crafted file due to improper handling of permission validation for pipe devices.

 

The vulnerability affects all versions of Ghostscript before 10.01.2. Applications on other operating systems, such as Windows, that use a port of affected Ghostscript versions also inherit this vulnerability.

 

Users and administrators of Linux systems are advised to upgrade to the latest version of Ghostscript, 10.01.2, using their distribution's package manager.

 

Users and administrators of open-source software that use ports of Ghostscript, such as LibreOffice, GIMP, Inkscape, Scribus, and ImageMagick, are advised to update to the latest versions when they are made available.

 

Sigma rules to detect possible exploitation of CVE-2023-36664 are available at https://github.com/KrollCYB/Kroll-CYB/tree/main/CVE-2023-36664.

More information is available here:

https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability

https://www.bleepingcomputer.com/news/security/critical-rce-found-in-popular-ghostscript-open-source-pdf-library/

 

For open-source software on Windows that use ports of Ghostscript, the process of moving to the latest version may take longer, thus extra caution is advised for Windows installations.

https://vulnera.com/newswire/critical-remote-code-execution-vulnerability-discovered-in-ghostscript-pdf-library/

 

POC:

https://github.com/jakabakos/CVE-2023-36664-Ghostscript-command-injection?s=03 

 

 

Reference:

https://www.pdfforge.org/blog/pdfcreator-51-release

5.1.1 latest version which is released on May 15, 2023

https://www.pdfforge.org/blog/pdf-creator-5-1-1-maintenance-release

https://cn-sec.com/archives/1874078.html

https://www.csa.gov.sg/alerts-advisories/alerts/2023/al-2023-095

 

PDFCreator 5.1.2 have been released on 2023-08-21 to fix this vulnerability

 

https://docs.pdfforge.org/pdfcreator/en/pdfcreator/introduction/whats-new/

 

Stable Release 5.1.2 published on 2023-08-21

https://download.pdfforge.org/

 

Print Friendly and PDF
Share/Bookmark
Posted by Billy Fung at 10:23 PM
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)