Ghostscript Code Execution Vulnerability

[tenajsystems]

Our Qualys vulnerability scanner is detecting vulnerability with Ghost Trap per C:\Program Files\GhostTrap\bin\gsdll64.dll Version is 0.0.9.27. after we setup Print Deploy Mobility Print. It doesn't appear that this has been updated since 2019 (as shown here: https://www.papercut.com/help/manuals/mobility-print/how-it-works/ghost-trap-script/ and here: https://github.com/PaperCutSoftware/GhostTrap). Any thoughts on when it will be updated and how we can remediate the vulnerability which is at level 4 out of level 5? Thank you!

[Joffcom]

I would email PaperCut support with the details, while the DLL itself is vulnerable there is a chance that Ghosttrap itself isn’t as it is designed to be a secure sandbox.

There is a KB page listing the CVEs that dont apply here: https://www.papercut.com/kb/Main/GhostScriptVulnerabilities

[asosin007]

The latest version of GhostTrap to Version 1.5.10.03 contains Ghostscript to version 10.03.1 which has vulnerabilities.
Does anyone know when a newer verions fo GhostTrap will be released that contains Ghostscript version 10.04.0 that doesn't have vulnerabilities ?

[squashedbeetle]

Hi @asosin007
Just had a chat with our development team - the work is in progress, so a new update will be released which includes an updated Ghostscript in the next month or two.