Security Announcement on CVE-2023-36664

We will update this announcement with new details as they emerge from our analysis. Please check back periodically.

Last update: 20 July 2023, 9:00 AM CET

CVE-2023-36664 is a new critical vulnerability in Ghostscript, rated 9.8. More official information about it can be found here.

The vulnerability allows a remote attacker to execute remote code. The vulnerability is caused by incorrect permission validation for pipe devices (with the prefix "%pipe%" or the pipe character "|").

enaio® (all supported versions: 10.0, 10.10, 11.0)

Ghostscript is used by enaio® documentviewer in all versions for conversion. Ghostscript is not installed during the installation for licensing reasons. However, we have provided installation data, most recently for version 9.27, which is affected by this vulnerability.

Currently we provide the setup for Ghostscript version 10.01.2, gs10012w64.exe, as part of the installation data for enaio® documentviewer.

In this version the vulnerability is fixed. It is strongly recommended to update to this or a later Ghostscript version.

Navigation

Navigate through the help pages using the table of contents on the left. If it is not displayed when the window width is small, you can temporarily show it via the hamburger menu on the right.

Use the arrows on the toolbar to navigate to the next/previous page.

You can show hidden areas. Use the toolbar to show all hidden areas at once:

Clicking the product icon in the header returns you to the beginning of the current area. Use the toolbar to access the initial page: