Artifex Ghostscript Argument Sanitization Vulnerability Leading to Password Disclosure in PDFs

A vulnerability in Artifex Ghostscript versions prior to 10.05.1 allows for the unintentional inclusion of plaintext passwords in PDF files. This issue arises from inadequate argument sanitization in the 'gs_lib_ctx_stash_sanitized_arg' function within 'base/gslibctx.c'. When a PDF is created with password protection, the entire command-line input, including the password, is embedded at the beginning of the PDF file. This flaw enables anyone with access to the PDF to easily extract the password by using standard file reading commands.

Impact

Exploitation of this vulnerability results in the unauthorized disclosure of passwords used for encrypting PDF documents, potentially compromising the security of the PDF's contents.

Reproduction

To reproduce this vulnerability, download and install Artifex Ghostscript version 10.05.0 on a Windows 10 machine. Use the command-line interface to run 'gswin64.exe' with parameters that include a plaintext password for both the user and owner passwords. Once the command is executed, the 'test.pdf' file will be created. Inspecting this file with a command that reads its contents will reveal the embedded password, demonstrating the lack of proper argument sanitization.

Remediation

Users can upgrade to Artifex Ghostscript version 10.05.1 or later, where this vulnerability has been addressed.