A security hole identified as CVE-2023-4042 has been discovered in Ghostscript, an interpreter for the PostScript language and Portable Document Format (PDF). It appears that the fix for this vulnerability was not included in the recent RHSA-2021:1852-06 advisory as previously claimed. This issue is present only in the Ghostscript package that ships with Red Hat Enterprise Linux 8.

Background

Ghostscript is a widely used suite of software that interprets the PostScript language and renders PDF files. It is commonly found in printers, scanners, and various applications across multiple platforms. Due to its widespread usage, vulnerabilities in Ghostscript could have far-reaching consequences.

Exploit Details

CVE-2023-4042 relates to a flaw that was originally addressed as CVE-202-16305. However, the fix for that flaw was not included in the recent RHSA-2021:1852-06 advisory. As a result, users of the Ghostscript package provided with Red Hat Enterprise Linux 8 are still exposed to this unpatched security risk.

Code Snippet

The vulnerability is triggered by processing a specially crafted PostScript or PDF file that causes Ghostscript to perform an out-of-bounds read. The following code snippet demonstrates the issue:

void CVE_2023_4042_trigger (const char *input_file) {
    // Initialize a Ghostscript interpreter instance
    // (my_args is assumed to be defined elsewhere)
    gs_main_instance *minst = NULL;
    int code = gs_main_init_with_args(&minst, my_args);

    // If initialization succeeded, run the crafted input file through the interpreter
    if (code == 0) {
        code = gs_run_file(minst, input_file, 1, &code);
        gs_main_finit(minst, code, code);
    }
}

Impact

An attacker could exploit this vulnerability by crafting a malicious PostScript or PDF file and tricking the user into opening it with the vulnerable Ghostscript package. Successful exploitation could lead to information disclosure, denial of service, or even remote code execution, potentially compromising the target system.

To understand the full scope of this vulnerability, please refer to the following resources:

- CVE-202-16305: https://nvd.nist.gov/vuln/detail/CVE-202-16305
- RHSA-2021:1852-06: https://access.redhat.com/errata/RHSA-2021:1852

Mitigation

Red Hat is currently working on a patch to address this issue in the affected Ghostscript package. In the meantime, users can take the following steps to mitigate the risk associated with this flaw:

Conclusion

CVE-2023-4042 serves as a reminder of the importance of ensuring that security patches are properly applied and vulnerability fixes are correctly included in software updates. It is critical for users of the affected Ghostscript package in Red Hat Enterprise Linux 8 to be vigilant and keep an eye out for software updates and patches to address this unpatched flaw.
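
One way to confirm that a fix actually reached the installed build, rather than relying on the advisory text, is to look for the CVE ID in the package's RPM changelog. This is an added example, not code from the advisory or from Red Hat; the function names and the sample changelog are constructed, and it assumes the packager records CVE IDs in the changelog.

```bash
# Constructed sample in `rpm -q --changelog` format (not real package data).
sample_changelog() {
cat <<'EOF'
* Tue Aug 29 2023 Example Packager <packager@example.com> - 0.0.0-2
- Resolves: CVE-0000-0002 (constructed entry)

* Mon Jan 04 2021 Example Packager <packager@example.com> - 0.0.0-1
- Fix for CVE-0000-0001 (constructed entry)
EOF
}

# changelog_fix_entry CVE_ID   (changelog text on stdin)
# Prints the header of the first entry that mentions CVE_ID as a whole
# identifier; returns 0 if one exists, 1 otherwise.
changelog_fix_entry() {
    awk -v cve="$1" '
        /^\* / { header = $0 }    # remember the current entry header
        $0 ~ ("(^|[^0-9A-Za-z-])" cve "([^0-9]|$)") { print header; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# check_installed PKG CVE_ID: same check against the installed package.
# Returns 0 if referenced, 1 if not referenced, 2 if the package cannot be queried.
check_installed() {
    if ! rpm -q "$1" >/dev/null 2>&1; then
        echo "$1: not installed (or rpm unavailable)"; return 2
    fi
    if ci_entry=$(rpm -q --changelog "$1" | changelog_fix_entry "$2"); then
        echo "$1: $2 referenced in: $ci_entry"
    else
        echo "$1: no changelog entry references $2; treat as unpatched"; return 1
    fi
}

# Demo on the constructed sample; on a real host run:
#   check_installed ghostscript CVE-2023-4042
sample_changelog | changelog_fix_entry CVE-0000-0001
```

A missing changelog reference is a reason to treat the build as unpatched until the vendor's errata or package diff shows otherwise.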

Timeline

Published on: 08/23/2023 13:15:00 UTC
Last modified on: 08/29/2023 15:40:00 UTC