Ghostscript .pdf_hook_DSC_Creator Procedure Security Bypass Vulnerability
A vulnerability in Artifex Software Ghostscript could allow an unauthenticated, local attacker to access or modify data, execute arbitrary commands, or cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists because the .pdf_hook_DSC_Creator procedure does not properly secure privileged calls. An attacker could exploit this vulnerability by executing a crafted PostScript file that submits malicious input to the targeted system. A successful exploit could allow the attacker to access or modify data, execute arbitrary commands, or cause a DoS condition on the system.
Artifex Software has confirmed the vulnerability and released software updates.
Security Impact Rating: High