Ghostscript, a popular open-source PDF library, has been found to have a critical vulnerability that allows remote code execution. The vulnerability is tracked as CVE-2023-3664 and impacts Ghostscript versions prior to 10.01.2. The software is installed by default in most Linux distributions and is used by many other programs, including some Windows applications such as Inkscape. The vulnerability can be exploited when a malicious file is opened, so upgrading to the latest version of Ghostscript is recommended. Applications may also use Ghostscript without it being obvious, so any application that can render PDF or EPS files should be checked for Ghostscript usage and updated as patches become available.
https://www.debian.org/security/2023/dsa-5446
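A version check for the recommendation above, as an added example that is not part of the original segment: it looks for Ghostscript executables and libraries under the given folders (the PATH directories by default), runs each executable with `--version`, and compares the result with 10.01.2. The file names it searches for are assumptions about common builds.

```python
import os, re, subprocess, sys

FIXED = (10, 1, 2)  # first fixed release named in the text: 10.01.2
# Assumed file names of common Ghostscript builds (not taken from the page).
EXE_NAMES = {"gs", "gsc", "gs.exe", "gswin32c.exe", "gswin64c.exe"}
LIB_NAMES = {"gsdll32.dll", "gsdll64.dll"}  # copies embedded in Windows applications

def parse_version(text):
    """'10.01.2' -> (10, 1, 2); '9.50' -> (9, 50, 0); None if unparseable."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None

def classify(version_text):
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    return "ok" if v >= FIXED else "outdated"

def find_ghostscript(roots):
    """Yield (path, kind) for files named like a Ghostscript binary or library."""
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                low = name.lower()
                if low in EXE_NAMES:
                    yield os.path.join(dirpath, name), "exe"
                elif low in LIB_NAMES or low.startswith("libgs.so"):
                    yield os.path.join(dirpath, name), "lib"

def scan(roots):
    """Return [(path, version_text, status)]; libraries cannot be queried directly."""
    results = []
    for path, kind in find_ghostscript(roots):
        if kind == "lib":
            results.append((path, "", "library: check owning application"))
            continue
        try:
            out = subprocess.run([path, "--version"], capture_output=True,
                                 text=True, timeout=10).stdout.strip()
        except (OSError, subprocess.TimeoutExpired):
            out = ""
        results.append((path, out, classify(out)))
    return results

if __name__ == "__main__":
    # Default to the directories on PATH; pass application folders as arguments.
    roots = sys.argv[1:] or os.environ.get("PATH", "").split(os.pathsep)
    for path, version, status in scan(roots):
        print(f"{status:34} {version or '-':10} {path}")
```

Distribution packages often backport fixes without changing the upstream version number, so an "outdated" result on a packaged build should be checked against the distribution's advisory.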
This segment was created for the It’s 5:05 podcast