/t5/photoshop-ecosystem-discussions/vulnerability-within-photoshop/td-p/14681733Jun 14, 2024
Jun 14, 2024
Copy link to clipboard
Copied
Defender detects vulnerabilities in Artifex Gpl Ghostscript the evidence shows that this has to do with C:\Program Files\Adobe\Adobe Photoshop 2024\convert.exe, this is within photoshop. Anyone else having this or is there any update how we can resolve this vulnerability ?
I have reported these vulnerabilities to the CERT Vulnerability Disclosure system (sponsored by CISA for industry coordination). They have opened a case based on my report. I'm hoping we will see movement through their work.
Out of frustration I tried just removing the convert.exe as it's not something actively used, but low and behold the super efficient Adobe automatic update process just replaces it after a couple of days. Not bad for a component that Adobe denies any knowledge of and refuses to accept any responsibility for.
We don't bundle the Ghostscript library with our project. That library requires a paid license for commercial use so we cannot bundle it. We only search the registry to find the location where it is installed. This look like a bug / false positive in the tool that you are using.
Looks like Microsoft have walked away with their tail between their legs 😉 Microsoft Defender for Endpoint is no longer reporting this vulnerability. So looks like one of our reports / messages got through Finally !
This thread is basically a few people calling the police because there is a prowler outside their home. The police come, no prowler, but those people are still convinced there is one. :sigh:
57
Replies
AdChoices