VertiGIS uses this page to provide centralized information about the vulnerabilities CVE-2024-29507, CVE-2024-29508, CVE-2024-29509, CVE-2024-29510 and CVE-2024-29511 in "Ghostscript" and its impact on on UT for ArcGIS product family.
For at least one vulnerability exists a Proof-of-Concept-Exploit for a remote code execution (RCE).
Related information:
https://www.heise.de/en/news/Ghostscript-Code-smuggling-loophole-is-attacked-9794325.html
https://www.theregister.com/2024/07/05/ghostscript_vulnerability_severity/
This article will be updated as new information becomes available.
Products in the UT for ArcGIS product family do not ship with a version of Ghostscript.
In the past, the PLOT Server and PLOT Output products were used in the UT for ArcGIS environment to create DXF, TIFF and PDF files. An extended GPL Ghostscript version was installed from the PLOT Output package on the PLOT Server. This cannot be replaced with a current version of GPL Ghostscript. This extension of PLOT Server by PLOT Output was produced and provided for the last time with version 10.2.8. Only the client component PlotOutputExtension is still provided in current versions.
It is possible that old installations with PLOT Server and PLOT Output still exist. We recommend switching to alternative solutions for creating DXF, TIFF and PDF files. If you have any questions, please contact your account manager.
Comments
0 comments
Please sign in to leave a comment.