Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
CVE-2023-36664 Update?
#4
It is "Proof of concept" and "Exploitation can occur upon opening a file."

No need to be paranoid, has anyone found such a file ? Ghostscript (GS) handles postscript (including PDF) files. At one time GS was a separate Gimp installation, now it is embedded so you will probably have to wait for a Gimp installer revision.

If you are worried about it, reinstall Gimp and use the customise option. It is on by default, untick Postscript support.

   

For linux, (ubuntu 20.04 and 22.04) I did notice a GS update a couple of days ago. Maybe that was the patch.
I see ImageMagick (IM) mentioned. IM uses a policy file and GS has been disabled in that for a long time.

Bottom line, and the same for anything / everything, be careful what you download. Avoid dubious PDF's from those dodgy Russian sites Smile
Reply


Messages In This Thread
CVE-2023-36664 Update? - by Gp_Ego_2.1 - 07-19-2023, 05:55 AM
RE: CVE-2023-36664 Update? - by Ofnuts - 07-19-2023, 06:42 AM
RE: CVE-2023-36664 Update? - by Gp_Ego_2.1 - 07-19-2023, 07:30 AM
RE: CVE-2023-36664 Update? - by rich2005 - 07-19-2023, 07:57 AM
RE: CVE-2023-36664 Update? - by Gp_Ego_2.1 - 07-19-2023, 08:04 AM

Forum Jump: