Shulou(Shulou.com)06/01 Report--

This article mainly shows you the "ghostscript arbitrary file read and write vulnerabilities example analysis", the content is easy to understand, clear, hope to help you solve doubts, the following let the editor lead you to study and learn "ghostscript arbitrary file read and write vulnerabilities example analysis" this article.

0x00 vulnerability background

On October 9th, Tavis Ormandy made a public mailing list

(hxxps://bugs.chromium [.] org/p/project-zero/issues/detail?id=1682)

Once again, it is pointed out that the security sandbox of ghostscript can be bypassed and arbitrary files can be read and written by constructing malicious picture content.

Ghostscript is widely used, such as ImageMagick, python-matplotlib, libmagick and other image processing applications.

In ghostscript, due to previous security incidents, gs officially uses the added parameter-dSAFER to open the security sandbox. This time, Taviso found that .forceput remains in stack through a special command group, and uses the forceput command by re-registering the command, causing arbitrary read and write vulnerabilities.

Impact of 0x01 vulnerabilities

Version

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.