A vulnerability in Artifex Software Ghostscript could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is due to the bypass of the -dSAFER option by the operations of the affected software. An attacker could exploit this vulnerability by submitting a crafted PostScript file to a targeted system. A successful exploit could cause a type confusion in the .shfill operator and allow the attacker to execute arbitrary code.
Artifex Software confirmed the vulnerability and released a software patch.
Security Impact Rating: High