Artifex Ghostscript DOCXWRITE TXTWRITE Device Text Buffer Overflow Vulnerability

A text buffer overflow vulnerability has been identified in Artifex Ghostscript versions prior to 10.05.0. The issue arises in the DOCXWRITE TXTWRITE device, where long characters can overflow the text buffer in the file 'devices/vector/doc_common.c'. This vulnerability allows for remote code execution on x64 Linux systems.

Impact

Exploitation of this vulnerability leads to a text buffer overflow, allowing for remote code execution on the affected system.

Reproduction

The vulnerability can be reproduced by using Ghostscript with the TXTWRITE device. After applying the patch available in the Ghostscript Bugzilla issue #708132, the vulnerability can be exploited by sending a crafted PostScript file that includes long characters, exceeding the expected buffer length, to the TXTWRITE device. This can be done by using the Ghostscript command-line interface and directing the output to a null device, effectively executing the exploit without producing any visible output.

Remediation

Users can upgrade to Ghostscript version 10.05.0 or later, where this vulnerability has been fixed.