Ghostscript Command Injection CVE-2023-36664 Exploit

August 16, 2023 / Prapattimynk

Ghostscript Command Injection CVE-2023-36664 Exploit

Vulnerability disclosed in Ghostscript prior to version 10.01.2 leads to code execution (CVSS score 9.8).

Official vulnerability description:

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Debian released a security advisory mentioning possible execution of arbitrary commands:

“It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle permission validation for pipe devices, which could result in the execution of arbitrary commands if malformed document files are processed.”

Download

Upvote0PointsDownvote

0 People voted this article. 0 Upvotes - 0 Downvotes.

SentinelOne Agent Free Download

What do you think?

It is nice to know your opinion. Leave a comment.

September 14, 2023

FHR Electric Data Leak

July 8, 2023

Postfix SMTP Smuggling CVE-2023-51764 Exploit

December 27, 2023

WSPCoerce - PoC to coerce authentication from Windows hosts using MS-WSP

July 28, 2023

CVE-2023-20110 Exploit | Cisco Smart Software Manager On-Prem SQL Injection

July 16, 2023

Now Reading: Ghostscript Command Injection CVE-2023-36664 Exploit

Ghostscript Command Injection CVE-2023-36664 Exploit

Share

SentinelOne Agent Free Download

WPS Office Rce POC

What do you think?

Leave a reply Cancel reply

Craxs Rat V6.7 Working Free Download

FHR Electric Data Leak

Postfix SMTP Smuggling CVE-2023-51764 Exploit

WSPCoerce - PoC to coerce authentication from Windows hosts using MS-WSP

CVE-2023-20110 Exploit | Cisco Smart Software Manager On-Prem SQL Injection

Quick Navigation

Ghostscript Command Injection CVE-2023-36664 Exploit