Flaw in Ghostscript allows malicious code to be injected
Chris Evans of Google has discovered a security vulnerability in Ghostscript that allows attackers to inject and execute arbitrary program code using manipulated PostScript files.
According to Evans' security advisory, the length value in the
zseticcspace() function within PostScript files is not properly checked. Attackers can therefore set arbitrary values for the length of an array, and Ghostscript will attempt to use them. As a result, a stack-based buffer overflow can occur and injected code can be executed.
The flaw affects Ghostscript 8.61 and possibly previous versions. The developers of Ghostscript have released version 8.62, which remedies the flaw. Linux distributors are also now distributing updated packages. Administrators of vulnerable systems are advised to install the updates as soon as possible.
- Stack-based buffer overflow in Ghostscript .seticcspace operator, security advisory by Chris Evans
- Download the latest Ghostscript source code packets