Exploit for Artifex Ghostscript <= 10.01.2 command injection (CVE-2023-36664)

Description:

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the pipe character prefix).

Proof of Concept

PoC exploit

Try the exploit in a lab environment:

Lab            Machine    Link
Hack The Box   Hospital   Go to Practice

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-36664
https://bugs.ghostscript.com/show_bug.cgi?id=706761
https://lists.debian.org/debian-security-announce/2023/msg00138.html