CVE-2022-44544: Bug #1979575 “Vulnerable PDF can trigger remote shell with PDF e...” : Bugs : Mahara

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.

Tags: #ubuntu #pdf

Vulnerable PDF can trigger remote shell with PDF export and ghostscript

Bug #1979575 reported by Robert Lyon on 2022-06-22


Affects   Status                    Importance   Assigned to   Milestone
Mahara    Status tracked in 22.10
21.04     Fix Released              Medium       Unassigned    Mahara 21.04.7
21.10     Fix Released              Medium       Unassigned    Mahara 21.10.5
22.04     Fix Released              Medium       Unassigned    Mahara 22.04.3
22.10     Fix Released              Medium       Unassigned    Mahara 22.10.0

Bug Description

The problem is that Ubuntu 18.04 servers require the use of the flag -dSAFER with Ghostscript; otherwise, if you submit a vulnerable PDF, you can trigger a remote shell.

In Mahara, Ghostscript can be used to combine generated PDFs for PDF export.

As it's not the default way to combine PDFs, and PDF export is not used by most systems, I will mark this as a medium security issue.
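The hardened invocation the bug description refers to, as an added example that is not Mahara's own code: a Ghostscript merge command line with -dSAFER set explicitly, plus a small check that fails on a command line that lacks the flag or overrides it with -dNOSAFER. The output and input file names are placeholders chosen by the caller; the note that Ghostscript releases before 9.50 (the generation shipped with Ubuntu 18.04) do not enable SAFER by default is background knowledge, not a statement from the bug report.

```shell
# Added example, not Mahara's code: Ghostscript PDF merge with -dSAFER, and a
# check that flags an invocation without it. File names are placeholders.

# gs_merge_cmd OUT IN... : print the command line that merges IN... into OUT.
# -dSAFER puts Ghostscript in its restricted mode (file access limited, the
# PostScript operators a crafted PDF could use to run commands disabled).
# Ghostscript before 9.50, including the build on Ubuntu 18.04, does not set
# it by default, so a wrapper has to pass it explicitly.
gs_merge_cmd() {
    out="$1"
    shift
    printf '%s' "gs -dSAFER -dBATCH -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=$out"
    for f in "$@"; do
        printf ' %s' "$f"
    done
    printf '\n'
}

# gs_cmd_is_safer CMD : succeed (exit 0) only when CMD carries -dSAFER and does
# not cancel it with -dNOSAFER; fail otherwise. Usable as a lint over the
# command string a PHP wrapper is about to hand to exec().
gs_cmd_is_safer() {
    case " $1 " in
        *" -dNOSAFER "*) return 1 ;;
        *" -dSAFER "*)   return 0 ;;
        *)               return 1 ;;
    esac
}

# gs_merge OUT IN... : run the merge when gs is installed, passing the
# arguments directly (no string splitting); otherwise print the command
# that would have been run.
gs_merge() {
    out="$1"
    shift
    if command -v gs >/dev/null 2>&1; then
        gs -dSAFER -dBATCH -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile="$out" "$@"
    else
        gs_merge_cmd "$out" "$@"
    fi
}
```

Passing the arguments straight to gs, as gs_merge does, avoids the quoting problems of assembling a single command string; gs_merge_cmd exists so the exact argument list can be inspected or logged before any PDF is processed.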
