CVE-2022-44544: Bug #1979575 “Vulnerable PDF can trigger remote shell with PDF e...” : Bugs : Mahara
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.
Vulnerable PDF can trigger remote shell with PDF export and ghostscript
Bug #1979575 reported by Robert Lyon on 2022-06-22
Affects   Status                   Importance  Assigned to  Milestone
Mahara    Status tracked in 22.10
  21.04   Fix Released             Medium      Unassigned   Mahara 21.04.7
  21.10   Fix Released             Medium      Unassigned   Mahara 21.10.5
  22.04   Fix Released             Medium      Unassigned   Mahara 22.04.3
  22.10   Fix Released             Medium      Unassigned   Mahara 22.10.0
Bug Description
The problem is that Ubuntu 18.04 servers require the use of the flag -dSAFER with Ghostscript; otherwise, if you submit a vulnerable PDF you can trigger a remote shell.
In Mahara, Ghostscript can be used to combine generated PDFs for PDF export.
As it's not the default way to combine PDFs, and PDF export is not used by most systems, I will mark this as a medium security issue.
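A defender-side check for the configuration this bug hinges on, added here as an example and not code from the bug report or from Mahara: it builds a Ghostscript merge command with -dSAFER set and audits an existing argv against the installed gs version. The function names are mine, and the 9.50 threshold (the release where Ghostscript made SAFER the default) comes from Ghostscript's release notes, not from this page.

```python
import re
import subprocess

# Ghostscript 9.50 turned SAFER on by default; Ubuntu 18.04 ships an older gs,
# so there the flag must be passed explicitly. (Threshold taken from
# Ghostscript's release notes, not from the bug report.)
SAFER_DEFAULT_FROM = (9, 50)

def gs_merge_command(gs_bin, inputs, output):
    """Hardened argv for concatenating PDFs with Ghostscript's pdfwrite device."""
    argv = [gs_bin, "-dSAFER", "-dBATCH", "-dNOPAUSE", "-sDEVICE=pdfwrite",
            "-sOutputFile=" + output]
    # Input paths must never be parsable as options or as @argfiles.
    for path in inputs:
        if path.startswith(("-", "@")):
            raise ValueError("refusing suspicious input path: " + path)
        argv.append(path)
    return argv

def parse_gs_version(text):
    """Turn the output of `gs --version` (e.g. '9.26') into a comparable tuple."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("unrecognised Ghostscript version string: %r" % text)
    return (int(m.group(1)), int(m.group(2)))

def audit_gs_command(argv, gs_version=None):
    """Return findings for a Ghostscript argv; an empty list means it passes."""
    findings = []
    opts = set(argv[1:])
    if "-dNOSAFER" in opts or "-dDELAYSAFER" in opts:
        findings.append("sandbox explicitly disabled (-dNOSAFER/-dDELAYSAFER)")
    # Unknown version is treated as old: assume SAFER is not on by default.
    old_gs = gs_version is None or gs_version < SAFER_DEFAULT_FROM
    if "-dSAFER" not in opts and old_gs:
        findings.append("-dSAFER missing and gs < 9.50 (or unknown) does not default to it")
    return findings

def installed_gs_version(gs_bin="gs"):
    """Query the installed Ghostscript; returns None if gs cannot be run."""
    try:
        out = subprocess.run([gs_bin, "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    return parse_gs_version(out)

if __name__ == "__main__":
    ver = installed_gs_version()
    cmd = gs_merge_command("gs", ["part1.pdf", "part2.pdf"], "export.pdf")
    print("gs version:", ver, "findings:", audit_gs_command(cmd, ver))
```

-dSAFER is a mitigation, not a replacement for a patched Ghostscript: several 2018-2019 Ghostscript CVEs bypassed SAFER, so the version check matters as much as the flag.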