Webcast

How to find type confusion vulnerabilities in Ghostscript

Recorded July 25, 2019

Ghostscript, the core utility for viewing PDF on many systems, was first developed in 1986 by Peter Deutsch (who now is a musical composer).

Type confusion issues in Ghostscript are not new. In 2016, Tavis Ormandy from Google Project Zero reported a number of vulnerabilities in Ghostscript, one of which is caused by type confusion. In August 2018, Tavis again uncovered critical RCEs on anyone opening a malicious PDF file in Ghostscript, including three type confusions. Then in November 2018, Man Yue Mo, Security Researcher at Semmle used variant analysis to discover similar critical issues reported in CVE-2018-19475, CVE-2018-19134, CVE-2018-19476 and CVE-2018-19477.

In this webinar, Pavel Avgustinov, VP Engineering at Semmle will share:

  • What you need to know about open source security today
  • GitHub’s approach to helping open source projects stay secure
  • How to apply GitHub’s same security best practices to your organization’s projects

Speaker

  • Pavel Avgustinov

    VP Engineering, Semmle

See all webcasts →
Your full name is required.
A valid email address is required.
A valid company name is required.
A valid comment is required.