XnView Software

• <!--//
  
  • This topic has been split from “How to display vector formats like PDF, AI,...? GhostScript!”.
    Cross-post: “Ghostscript... ¿ha sido desde siempre un virus?”
  // -->

Hi, I have a doubt concerning this vector format interpreter and displayer, called Ghostscript

Surfing on the net, I have realized that there are some issues that advise of multiple memory corruption vulnerabilities on Ghostscript software, which could allow remote access to our computers opening any Postscript file. For example, this site explains it:

http://seclists.org/fulldisclosure/2010/May/134

On the other hand, I have online scanned the ghostscript installation file (gs905w32.exe, 12 MB) in order to assure myself it was safe, and some antivirus recognize it like the virus called "PUA.Script.PDF.EmbeddedJS-1". Other sites say that is just a false positive, because some antivirus which use heuristic detection methods doesn't spend time on including some patterns from secure softwares.... but I am not sure....

I tried to scan a early version of ghostscript that I saved many years ago into a CD (2003 or so), and a similar or worse result is given:

AVG --> Suspicion: unknown virus
ByteHero ---> Trojan.Malware.Obscu.Gen.001
F-Prot ---> File is damaged

If these false detections are from an almost 10 years old software... ¿didn't have enough time this antivirus software for including this software as safe? . Or really, isn't it ?

And on top of that, the free application that comes with the ghostscript interpreter, the Ghostscript Viewer, also seems to have a trojan called Trojan.Malware.Obscu.Gen.001,

My question is.. Is it safe to install ghostscript?. Are those (false?) detections a serious argument against its installion?. Are those vulnerabilities the proof of those detection are not wrong? And the most important ... ¿ Is there any other free postscript/vector format interpreter and displayer available on the net apart of ghostscript?

Ghostscript is a well know software, developed for years and still on current status - is is not "10 years old". It is also integrated in other software packs like PDFCreator and so on.
http://en.wikipedia.org/wiki/Ghostscript

If you download it from the official site it should be secure.

Peter

Many thanks for your answer

Peter2 wrote: If you download it from the official site it should be secure.
Peter

The fact is that all those detections are obtained scanning the file downloaded from the official site

I know that many other softwares (included Windows S.O.) have uncountable known (or unknown) security vulnerabilities, but they are not detected as viruses or trojans like ghostscript ...

Well, I refer to the solution given on the site I provided in my first comment and I will search for other PDf interpreters and displayers...

==Solution==

In the absence of a patch, users are encouraged to discontinue use of
Ghostscript or avoid processing untrusted PostScript files.

Rostein wrote:

==Solution==

In the absence of a patch, users are encouraged to discontinue use of
Ghostscript or avoid processing untrusted PostScript files.

There is a difference between an "unsecure software" and "untrusted PostScript Files". Are we talking about the same thing?

Peter

Peter2 wrote:

Rostein wrote:

==Solution==

In the absence of a patch, users are encouraged to discontinue use of
Ghostscript or avoid processing untrusted PostScript files.

There is a difference between an "unsecure software" and "untrusted PostScript Files". Are we talking about the same thing?

Peter

You are right, but maybe the virus traces detected by some antivirus may be caused by those vulnerabilities, right?

That issue says ghostscript may be the door to harmful remote entries (but not that the software is a virus itself)... but at the same time, the virus scanning reports that the installation file is a malware itself.. I dont know what to think.

Rostein wrote:.. I dont know what to think.

I don't know either...

I never heard that PS-files open a door for malware, but maybe you will find something in the internet?
And if the PS is the problem, maybe other PDF-software has the same problem?

No idea ...

Peter