There is a vulnerability called Ghostscript that is affecting various vendors and an attacker could exploit it to take control of an affected system, according to a report from NCCIC.
As a result, NCCIC released a warning to encourage users and administrators to apply necessary workarounds, and refer to vendors for appropriate patches, when available.
The Ghostscript malware contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system.
Ghostscript contains an optional –dSAFER option, which should prevent unsafe PostScript operations. Multiple PostScript operations bypass the protections provided by -dSAFER, which can allow an attacker to execute arbitrary commands with arbitrary arguments. This vulnerability can also be exploited in applications that leverage Ghostscript, such as ImageMagick.
By causing Ghostscript or a program that leverages Ghostscript to parse a specially-crafted file, a remote, unauthenticated attacker may be able to execute arbitrary commands with the privileges of the Ghostscript code.
CERT Coordination Center (CERT/CC) is unaware of a practical solution to this problem. Along those lines, users should consider the following workarounds: Disable PS, EPS, PDF, and XPS coders in ImageMagick policy.xml.