GhostTrap icon indicating copy to clipboard operation
GhostTrap copied to clipboard
verified publisher icon PaperCutSoftware

Ghostscript Code Execution Vulnerability

Open tenajsystems opened this issue 2 years ago • 3 comments

Our Qualys vulnerability scanner is detecting vulnerability with Ghost Trap per C:\Program Files\GhostTrap\bin\gsdll64.dll Version is 0.0.9.27. after we setup Print Deploy Mobility Print. It doesn't appear that this has been updated since 2019 (as shown here: https://www.papercut.com/help/manuals/mobility-print/how-it-works/ghost-trap-script/ and here: https://github.com/PaperCutSoftware/GhostTrap). Any thoughts on when it will be updated and how we can remediate the vulnerability which is at level 4 out of level 5? Thank you!

tenajsystems avatar Oct 31 '23 15:10 tenajsystems

I would email PaperCut support with the details, while the DLL itself is vulnerable there is a chance that Ghosttrap itself isn’t as it is designed to be a secure sandbox.

There is a KB page listing the CVEs that dont apply here: https://www.papercut.com/kb/Main/GhostScriptVulnerabilities

Joffcom avatar Nov 01 '23 00:11 Joffcom