Ghostscript Vulnerability Actively Exploited in the Wild

A severe remote code execution (RCE) vulnerability in the widely used Ghostscript library is being actively exploited. This vulnerability, identified as CVE-2024-29510, affects Ghostscript versions 10.03.0 and earlier. Ghostscript, a document conversion tool, is commonly found on Linux systems and is integral to various applications such as ImageMagick, LibreOffice, and GIMP.

• Vulnerability Description: The flaw allows attackers to bypass the -dSAFER sandbox, enabling command execution and file manipulation.
• Affected Systems: Systems using Ghostscript for document conversion and preview functionalities.
• Exploitation Method: Attackers disguise EPS files as JPGs to gain shell access.
• Mitigation: Update to Ghostscript version 10.03.1 or apply available patches from your distribution.

1. Verify Usage: Ensure your systems and applications do not indirectly rely on vulnerable versions of Ghostscript.
2. Apply Updates: Upgrade to the latest version or apply distribution-specific patches.
3. Monitor Systems: Use tools provided by security researchers to detect vulnerabilities.

This is not the first RCE vulnerability affecting Ghostscript; a similar issue, CVE-2023-36664, was patched in 2023. The current vulnerability’s exploitation in the wild underscores the importance of timely updates and vigilant system monitoring.

SecPod SanerNow is the Patch Management tool you need to detect and patch dangerous risks and remediate your attack surface. SanerNow automatically scans for risks, downloads and deploys patches accordingly. Further, SanerNow supports all major OSs and 550+ third-party applications.

Schedule a demo and keep your systems updated and secure with SanerNow: Schedule here