Participant
June 14, 2024
Question

Vulnerability within Photoshop

  • June 14, 2024
  • 13 replies
  • 15030 views

Defender detects vulnerabilities in Artifex Gpl Ghostscript. The evidence shows that this has to do with C:\Program Files\Adobe\Adobe Photoshop 2024\convert.exe, which is within Photoshop. Is anyone else having this, or is there any update on how we can resolve this vulnerability?

Thanks

13 replies

Participant
July 29, 2024

Per the ImageMagick git

We don't bundle the Ghostscript library with our project. That library requires a paid license for commercial use so we cannot bundle it. We only search the registry to find the location where it is installed. This looks like a bug / false positive in the tool that you are using.

Security vulnerability by ghostscript · ImageMagick/ImageMagick · Discussion #7411 · GitHub
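
Added example, not part of the original thread and not code from Adobe, Microsoft or ImageMagick: a PowerShell check to run on a flagged device to see whether Ghostscript is registered at all and what the flagged convert.exe identifies itself as. It assumes Ghostscript's Windows installer registers under HKLM\SOFTWARE\GPL Ghostscript or HKLM\SOFTWARE\Artifex Ghostscript with a GS_DLL value; the convert.exe path is the one given in the question.

```powershell
# Added example: evidence collection for a suspected false positive.
# Assumption: Ghostscript registers under HKLM\SOFTWARE\<product>\<version>
# and stores the path of its DLL in a value named GS_DLL.
$products = 'GPL Ghostscript', 'Artifex Ghostscript'
$roots    = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'   # 64-bit and 32-bit views

function Get-GhostscriptInstall {
    foreach ($root in $roots) {
        foreach ($product in $products) {
            $key = Join-Path $root $product
            if (-not (Test-Path $key)) { continue }
            # Each subkey is one installed version.
            foreach ($ver in Get-ChildItem $key) {
                $dll = (Get-ItemProperty -Path $ver.PSPath -Name GS_DLL `
                            -ErrorAction SilentlyContinue).GS_DLL
                [pscustomobject]@{
                    RegistryKey = $ver.Name
                    Version     = $ver.PSChildName
                    GsDll       = $dll
                    # A stale key with no DLL on disk is not a usable install.
                    DllOnDisk   = [bool]($dll -and (Test-Path -LiteralPath $dll))
                }
            }
        }
    }
}

function Get-BinaryIdentity([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    [pscustomobject]@{
        Path        = $Path
        Product     = $vi.ProductName
        FileVersion = $vi.FileVersion
        Company     = $vi.CompanyName
        Signer      = (Get-AuthenticodeSignature -LiteralPath $Path).SignerCertificate.Subject
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Path taken from the question in this thread.
Get-BinaryIdentity 'C:\Program Files\Adobe\Adobe Photoshop 2024\convert.exe' | Format-List
$gs = @(Get-GhostscriptInstall)
if ($gs.Count -eq 0) { 'No Ghostscript registration found on this host.' }
else { $gs | Format-Table -AutoSize }
```

An empty Ghostscript result together with convert.exe's own version details is evidence to attach to a false-positive report; it says nothing about vulnerabilities in ImageMagick itself.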

Participating Frequently
August 21, 2024

Looks like Microsoft have walked away with their tail between their legs 😉
Microsoft Defender for Endpoint is no longer reporting this vulnerability.
So looks like one of our reports / messages got through
Finally!

Legend
August 21, 2024

So after all that, there was no vulnerability.

This thread is basically a few people calling the police because there is a prowler outside their home. The police come, no prowler, but those people are still convinced there is one. :sigh:

Participating Frequently
July 26, 2024

Out of frustration I tried just removing the convert.exe as it's not something actively used, but lo and behold the super efficient Adobe automatic update process just replaces it after a couple of days. Not bad for a component that Adobe denies any knowledge of and refuses to accept any responsibility for.

Participating Frequently
July 8, 2024

I have reported a false positive on our Defender 365 portal for each of the devices detected as per the response received by psirt@adobe.com

I have also replied to psirt@adobe.com asking them for a categorical statement that the ImageMagick component that gets installed by default does not contain the detected vulnerabilities.

Let's see what happens next... if anything.

Participating Frequently
July 18, 2024

Nothing back from Adobe psirt regarding confirmation that ImageMagick does not have the vulnerability. The vuln is still showing up on Defender 365 dashboard as a CVSS 9.8 on the dashboard so obviously submitting the false positives has had no effect.

Not sure why Adobe wouldn't consider a CVE rated at 9.8 a priority? Maybe because they don't consider a third party component that they bundle in their software package to be their problem?

I am wondering whether anyone from Adobe looks at this community or are we urinating into the breeze.

Participant
July 25, 2024

I have reported these vulnerabilities to the CERT Vulnerability Disclosure system (sponsored by CISA for industry coordination). They have opened a case based on my report. I'm hoping we will see movement through their work.

Participant
June 28, 2024

I contacted psirt@adobe.com, and got a prompt reply.

quote

Defender detects vulnerabilities in Artifex Gpl Ghostscript. The evidence shows that this has to do with C:\Program Files\Adobe\Adobe Photoshop 2024\convert.exe, which is within Photoshop. Is anyone else having this, or is there any update on how we can resolve this vulnerability?

Thanks


By @Marewan5CDA

Participant
June 28, 2024

Sorry I pasted the wrong thing.... ignore my previous message. This is a false positive. They replied with

"Please be advised that the findings recently reported by Microsoft Defender regarding the use of Artifex GPL Ghostscript convert v6.9.9 are misidentified. Photoshop does not utilize this software tool, and therefore we are not affected by any associated vulnerabilities."

Participant
July 1, 2024

Hi Ryan,
I also emailed them about this but didn't get a reply. Do you mind pasting an image of their reply here?

Participant
June 28, 2024

I wonder after all if Microsoft should answer this detection.... Look at my screenshot, all findings are very old, but very recently detected by Defender Vulnerability Management.

Reported inaccuracy, let's see if they review it.

jerryg67923537
Participant
June 28, 2024

Have you heard anything back? Defender is still reporting these as vulnerable for me as of this morning. I can't find anything official from Adobe on this either.

Participating Frequently
June 26, 2024

Has anyone received any updates from Adobe on this? I reported the discovered vulnerability through their psirt@adobe.com email address but have received nothing back, not even a confirmation.

Participant
June 28, 2024

I have. Reported on Monday, got a reply on Friday.

"Hello,

Please be advised that the findings recently reported by Microsoft Defender regarding the use of Artifex GPL Postscript convert v6.9.9 are misidentified. Photoshop does not utilize this software tool, and therefore we are not affected by any associated vulnerabilities.
Thank you,
David
Adobe Product Security Incident Response Team"

Participating Frequently
June 28, 2024

Honestly I'm not hugely confident in that response given that (a) they call it Postscript rather than Ghostscript, and (b) they just say they don't use that software tool, therefore can't have any of the vulnerabilities, but the file in question is from ImageMagick, and an old enough version to have legacy vulnerabilities.

I'm not saying the response is wrong, but I'd like to feel it was looked into a bit more than "nope, we don't use that tool, so we're good".

Participant
June 18, 2024

We are seeing the same problem. Deleting the file does not work either.

Legend
June 18, 2024

Until Adobe confirms this, there is no way to know if their implementation is safe or not. They may be using Ghostscript in a way that cannot be exploited.

Participating Frequently
June 18, 2024

We are seeing the same here, 4 Windows devices running Adobe Photoshop 2024 with the latest updates. It was first flagged by Defender on 11th June. I was hoping to have seen some action by now from MS (as a false positive) or from Adobe (as a fix).

Participating Frequently
June 18, 2024

Just wondering if anyone has reported this to Adobe through their official channel yet?
https://helpx.adobe.com/uk/security/alertus.html

Participating Frequently
June 18, 2024

FYI: I have just notified them via the psirt@adobe.com email address to alert them of this issue

Participant
June 18, 2024

I did manage to download ImageMagick-7.1.1-33-portable-Q16-x64.zip, which contained Convert.exe 7.1.1.0

However, that is also showing as vulnerable, exactly the same problem.

I thought we could update Ghostscript manually, but trying on a PC with Photoshop on it, it doesn't specifically have Ghostscript installed to update.

Stuck.

Participant
June 18, 2024

Is everyone reporting the issue running Microsoft Defender Threat / Vulnerability Management portal? I wonder if Defender is misreporting this, or if other vulnerability management platforms are also seeing this?

Chris