Ghostscript vulnerability makes ImageMagick vulnerable to remote code execution


The American CERT warns of vulnerabilities in Ghostscript, an open source interpreter for PostScript, that enable remote code execution. Because Ghostscript is used by other software, including ImageMagick, that software is at risk as well.

In its warning, the CERT states that Red Hat and Ubuntu are also affected by the vulnerabilities, which do not yet have a CVE designation. It does not mention patches yet, but recommends disabling the processing of PS, EPS, PDF, and XPS files in ImageMagick as a workaround. According to the organization, an attacker who gets Ghostscript, or software that uses it, to process a crafted file can run code remotely with the privileges of the Ghostscript code.
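ImageMagick disables coders through `<policy domain="coder" rights="none" .../>` entries in its `policy.xml`. The following added example (not from the CERT advisory or the ImageMagick project) audits a policy file for the four formats named in the workaround; the sample policy is constructed and the function names are hypothetical.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Coders the advisory's workaround says to disable.
REQUIRED = ("PS", "EPS", "PDF", "XPS")

# Constructed sample policy.xml: PS and EPS are blocked, XPS is missing,
# and a second PDF entry grants read access again.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="{PS,EPS}"/>
  <policy domain="coder" rights="none" pattern="PDF"/>
  <policy domain="coder" rights="read" pattern="PDF"/>
</policymap>"""

def _alternatives(pattern):
    """Expand one {A,B,...} group into separate glob patterns."""
    m = re.fullmatch(r"(.*?)\{([^{}]*)\}(.*)", pattern)
    if not m:
        return [pattern]
    return [m.group(1) + alt + m.group(3) for alt in m.group(2).split(",")]

def audit_policy(xml_text, required=REQUIRED):
    """Return {coder: status}; status is 'disabled', 'missing' or 'conflict'."""
    root = ET.fromstring(xml_text)
    result = {}
    for coder in required:
        denied = granted = False
        for pol in root.iter("policy"):
            if pol.get("domain", "").lower() != "coder":
                continue
            globs = _alternatives(pol.get("pattern", "").upper())
            if not any(fnmatch.fnmatchcase(coder, g) for g in globs):
                continue
            if pol.get("rights", "").strip().lower() == "none":
                denied = True
            else:
                granted = True
        # Conservative: any matching entry that grants rights is a conflict,
        # regardless of the order in which the entries appear.
        result[coder] = ("conflict" if denied and granted
                         else "disabled" if denied else "missing")
    return result

if __name__ == "__main__":
    for coder, status in audit_policy(SAMPLE_POLICY).items():
        print(f"{coder:4} {status}")
```

Any coder reported as `missing` or `conflict` still needs a clean `rights="none"` entry before the workaround is in effect.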

The CERT references a message on the Openwall mailing list by Tavis Ormandy, a researcher at Google's Project Zero, who discovered the vulnerabilities. In it, he explains that there are several ways to circumvent Ghostscript's -dSAFER setting, which is meant to prevent insecure PostScript operations. PostScript is a page description language developed by Adobe. Ghostscript serves as an interpreter for it, just as it does for PDF. In addition to ImageMagick, it is also used in software such as GIMP and Evince, Ormandy said.

ImageMagick is a widely used image processing library that is supported by PHP, Ruby, NodeJS and Python, among others. Many content management systems, social media sites, blogs and the like use ImageMagick directly or indirectly for various processing operations.
