Tavis Ormandy, a Google Project Zero security researcher, has revealed details about a new major vulnerability discovered in Ghostscript, an interpreter for Adobe's PostScript and PDF page description languages.
Ghostscript is by far the most widely used solution of its kind. The Ghostscript interpreter is embedded in hundreds of software suites and coding libraries that allow desktop software and web servers to handle PostScript and PDF-based documents.
For example, you'll find Ghostscript inside ImageMagick, Evince, GIMP, and all PDF editing or viewing software.
Exploiting bug leads to remote system takeover
Exploiting the bug Ormandy discovered requires that an attacker sends a malformed PostScript, PDF, EPS, or XPS file to a victim. Once the file reaches the Ghostscript interpreter, the malicious code contained within will execute an attacker's desired on that machine.
...
.....
....