Webcast
How to find type confusion vulnerabilities in Ghostscript
Recorded July 25, 2019
Ghostscript, the core utility for viewing PDF files on many systems, was first developed in 1986 by Peter Deutsch (who is now a musical composer).
Type confusion issues in Ghostscript are not new. In 2016, Tavis Ormandy from Google Project Zero reported a number of vulnerabilities in Ghostscript, one of which was caused by type confusion. In August 2018, Tavis again uncovered critical RCEs affecting anyone opening a malicious PDF file in Ghostscript, including three type confusions. Then in November 2018, Man Yue Mo, Security Researcher at Semmle, used variant analysis to discover similar critical issues, reported in CVE-2018-19475, CVE-2018-19134, CVE-2018-19476 and CVE-2018-19477.
In this webinar, Pavel Avgustinov, VP Engineering at Semmle, will share:
- What you need to know about open source security today
- GitHub’s approach to helping open source projects stay secure
- How to apply GitHub’s same security best practices to your organization’s projects
Speaker
- Pavel Avgustinov
VP Engineering, Semmle