A critical vulnerability, CVE-2024-29510, has been discovered in the Ghostscript rendering platform. This format string flaw affects versions up to 10.03.0, allowing attackers to bypass the -dSAFER sandbox and execute code remotely. The vulnerability poses significant risks for web applications and services that use Ghostscript for document conversion and previews.
All about Ghostscript
Ghostscript, initially a UNIX tool for printers, is now widely used in automated systems, according to Codean Labs.
Many web applications, including chat programs and cloud storage services, depend on Ghostscript for processing user-supplied files. Despite security enhancements like sandboxing, vulnerabilities like CVE-2024-29510 underscore the persistent risks.
CVE-2024-29510 – The Vulnerability
The vulnerability lies in Ghostscript's handling of format strings, which enables attackers to manipulate memory and execute arbitrary code. Although the -dSAFER sandbox is designed to restrict dangerous operations, this flaw allows it to be bypassed.
The threat is especially concerning as it can be triggered by uploading a specially crafted EPS file or embedding the exploit in a LibreOffice document.
Below is a simplified version of the exploit code demonstrating how an attacker can execute arbitrary commands:
This code effectively disables the -dSAFER sandbox, allowing the execution of the gnome-calculator command. The command can be replaced with any other to suit the attacker’s needs.
The impact of CVE-2024-29510
Web applications and services using Ghostscript for document processing are vulnerable to arbitrary code execution.
Update to Ghostscript version 10.03.1 or later to mitigate this risk.
You can also use the provided test kit to verify if your Ghostscript installation is affected:
ghostscript -q -dNODISPLAY -dBATCH CVE-2024-29510_testkit.ps
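As a complement to the test kit, the following added example (not from the original article or the Ghostscript project) compares the version reported by each Ghostscript binary on PATH against the fixed release 10.03.1 named above. The function names are hypothetical, and the binary names `gs` and `ghostscript` are assumed to be the ones installed.

```shell
#!/bin/sh
# Added example: flag Ghostscript binaries older than the fixed release.
FIXED_VERSION="10.03.1"   # fixed release named in the article

# version_lt A B: exit 0 when A is strictly older than B.
# Dot-separated numeric fields are compared left to right; missing fields = 0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.]"); nb = split(b, y, "[.]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# classify_version V: prints vulnerable, patched, or unknown.
# (hypothetical helper; only digits and dots are accepted as a version)
classify_version() {
    case "$1" in
        ''|.*|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# audit_ghostscript: report every Ghostscript binary name found on PATH.
# Distribution packages can backport the fix without changing the upstream
# version, so treat "vulnerable" as "confirm with the vendor advisory".
audit_ghostscript() {
    found=0
    for bin in gs ghostscript; do
        path=$(command -v "$bin" 2>/dev/null) || continue
        found=1
        ver=$("$path" --version 2>/dev/null | head -n 1)
        printf '%s\t%s\t%s\n' "$path" "${ver:-?}" "$(classify_version "$ver")"
    done
    [ "$found" -eq 1 ] || echo "no Ghostscript binary found on PATH"
}

audit_ghostscript
```

Application containers and bundled copies of Ghostscript are not on the host PATH, so run the check inside each image or service environment that converts documents.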
Timeline of events related to CVE-2024-29510:
- 2024-03-14: Reported to the Artifex Ghostscript issue tracker.
- 2024-03-24: Mitre assigned CVE-2024-29510.
- 2024-03-28: Issue acknowledged by developers.
- 2024-05-02: Ghostscript 10.03.1 released to mitigate the issue.
- 2024-07-02: Vulnerability details published.