Ghostscript Vulnerability Allows Remote Code Execution
An vulnerability has been identified in Ghostscript, an open interpreter of the Postscript language and PDF files, commonly used in Linux systems. This vulnerability allows for the remote execution of arbitrary code.
The vulnerability has been assigned the identifier CVE-2023-3664 and has been rated with a criticality assessment of 9.8 on the CVSS V3 scale. The vulnerability affects all versions of Ghostscript except for the most recent version 10.01.2, which was released three weeks ago.
Specialists from Kroll have developed a proof-of-concept (POC) demonstration for this vulnerability. In the cybersecurity field, POC exploits are typically classified based on the type of vulnerability they exploit, whether they are local or remote exploits, and the resulting impact of the exploit (e.g. EOP, DOS, Spulping). One popular scheme for zero-day exploits is the Exploit-A-A-Service model.