07-19-2023, 07:57 AM
(This post was last modified: 07-19-2023, 08:04 AM by rich2005.
Edit Reason: typo
)
It is "Proof of concept" and "Exploitation can occur upon opening a file."
No need to be paranoid, has anyone found such a file ? Ghostscript (GS) handles postscript (including PDF) files. At one time GS was a separate Gimp installation, now it is embedded so you will probably have to wait for a Gimp installer revision.
If you are worried about it, reinstall Gimp and use the customise option. It is on by default, untick Postscript support.
For linux, (ubuntu 20.04 and 22.04) I did notice a GS update a couple of days ago. Maybe that was the patch.
I see ImageMagick (IM) mentioned. IM uses a policy file and GS has been disabled in that for a long time.
Bottom line, and the same for anything / everything, be careful what you download. Avoid dubious PDF's from those dodgy Russian sites
No need to be paranoid, has anyone found such a file ? Ghostscript (GS) handles postscript (including PDF) files. At one time GS was a separate Gimp installation, now it is embedded so you will probably have to wait for a Gimp installer revision.
If you are worried about it, reinstall Gimp and use the customise option. It is on by default, untick Postscript support.
For linux, (ubuntu 20.04 and 22.04) I did notice a GS update a couple of days ago. Maybe that was the patch.
I see ImageMagick (IM) mentioned. IM uses a policy file and GS has been disabled in that for a long time.
Bottom line, and the same for anything / everything, be careful what you download. Avoid dubious PDF's from those dodgy Russian sites