• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
10

Vulnerability within photoshop

Community Beginner ,
Jun 14, 2024 Jun 14, 2024

Copy link to clipboard

Copied

Defender detects vulnerabilities in Artifex Gpl Ghostscript  the evidence shows that this has to do with C:\Program Files\Adobe\Adobe Photoshop 2024\convert.exe, this is within photoshop. Anyone else having this or is there any update how we can resolve this vulnerability ?

 

Thanks 

TOPICS
Windows

Views

5.5K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe
Community Expert ,
Jun 14, 2024 Jun 14, 2024

Copy link to clipboard

Copied

@Marewan5CDA I'd imagine it's a false positive, Virus Total shows that it's safe, and I scanned it with Bitdefender and again no issues

https://www.virustotal.com/gui/file/f2eb6b70203d9f6b5073b7c88f393fd7091d5a34ccc1d85eec83dfad0cbb0ac4

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 14, 2024 Jun 14, 2024

Copy link to clipboard

Copied

We are having the same issue with a Windows 10 device running Phostoshop that has been updated to the latest version.

The convert.exe file itself is not malicious which is what BitDefender and Virus Total check for.

 

The issue is that Defender is detecting the version number 6.9.9.0 which has a known critical vulnerability CVE-2018-18284 which is "Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator." The following is what Defender is signalling on

 

Windows1010.0.19045.4412x64artifexgpl_ghostscript6.9.9.0CVE-2018-18284Critical

 

Since this file is installed as part of PhotoShop, Adobe needs to update it. The latest release is Ghostscript 10.03.1 (2024-05-02). When will Adobe update?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 16, 2024 Jun 16, 2024

Copy link to clipboard

Copied

Could there be a chance Defender Vulnerability Management is incorrectly picking up the version of Ghostscript? We have the same issue on two fresh installs of Photoshop.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 18, 2024 Jun 18, 2024

Copy link to clipboard

Copied

We have this issue too on some of our device, does adobe have adress this issue ? 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 18, 2024 Jun 18, 2024

Copy link to clipboard

Copied

I don't think it's a false positive (though it's not detecting a virus, but the presence of a vulnerability in a program). Whether that vulnerability is exploitable is a different question, but I think it's fair to assume that it could be, as it's clearly an old standalone .exe bundled with the install. I think I'm going to block execution of this version of the .exe using applocker until there's an update.. we'll see if anything breaks..

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 17, 2024 Jun 17, 2024

Copy link to clipboard

Copied

We too are seeing this vulnerability, however, we use Adobe Remote Update Manager (RUM) on all our machines with Adobe Creative Cloud apps installed, those that have run RUM have updated to the latest security release for Adobe Photoshop (25.9.1.626) released on the 11th June 2024 (see: https://helpx.adobe.com/security/products/photoshop/apsb24-27.html)
N.B. From my clients, it appears that all devices with a version older than 25.9.1.626 appear to be affected by the GPL PostScript vulnerability, so my suggestion is update all your Adobe Photoshop installs to the latest security fix.
I'm off to nudge the remaining machines that have not yet updated 😉

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 17, 2024 Jun 17, 2024

Copy link to clipboard

Copied

Ignore my post above - Unfortunately, it was a co-incidence that all older versions were affected.

Microsoft Defender for Endpoint if flagging that this is affecting all installs.

Adobe - Please Fix!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 17, 2024 Jun 17, 2024

Copy link to clipboard

Copied

@AdrianScott-WWFUK i was about to reply on it :). We are already using the CC

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 17, 2024 Jun 17, 2024

Copy link to clipboard

Copied

Just to add we're seeing this too. Also applies to Photoshop 2023 and 2022. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 18, 2024 Jun 18, 2024

Copy link to clipboard

Copied

I did manage to download ImageMagick-7.1.1-33-portable-Q16-x64.zip, which contained Convert.exe 7.1.1.0

However, that is also showing as vulnerable, exactly the same problem.

I thought we could update Ghostscript manually, but trying on a PC with Photoshop on it, it doesn't specifically have Ghostscript installed to update.

Stuck.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 18, 2024 Jun 18, 2024

Copy link to clipboard

Copied

Is everyone reporting the issue running Microsoft Defender Threat / Vulnerability Management portal? I wonder if Defender is misreporting this, or of other vulnerability management platforms are also seeing this?

Chris

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 18, 2024 Jun 18, 2024

Copy link to clipboard

Copied

We are seeing the same here, 4 Windows device running Adobe Photoshop 2024 with the latest updates. It was first flagged by defender on 11th June. I was hoping to have seen some action by now from MS (as a false positive) or from Adobe (as a fix).

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 18, 2024 Jun 18, 2024

Copy link to clipboard

Copied

Just wondering if anyone hasd reported this to Adobe through their official channel yet?
https://helpx.adobe.com/uk/security/alertus.html 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 18, 2024 Jun 18, 2024

Copy link to clipboard

Copied

FYI: I have just notified them via the psirt@adobe.com email address to alert them of this issue

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 18, 2024 Jun 18, 2024

Copy link to clipboard

Copied

Thanks for this info, I will be sumitting a report too.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 28, 2024 Jun 28, 2024

Copy link to clipboard

Copied

I reported this via psirt@adobe.com listing all 12 of the CVE showing in Defender. Today I recieved this reply back.

 

"Hello,
Please be advised that the findings recently reported by Microsoft Defender regarding the use of Artifex GPL Postscript convert v6.9.9 are misidentified. Photoshop does not utilize this software tool, and therefore we are not affected by any associated vulnerabilities.
Thank you,
David
Adobe Product Security Incident Response Team"

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Jun 18, 2024 Jun 18, 2024

Copy link to clipboard

Copied

Until Adobe confirms this, there is no way to know if their implementation is safe or not. They may be using Ghostscript in a way that cannot be exploited.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 18, 2024 Jun 18, 2024

Copy link to clipboard

Copied

We are seeing the same problem. Deleting the file does not work either.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 26, 2024 Jun 26, 2024

Copy link to clipboard

Copied

Has anyone received any updates from Adobe on this. I reported the discovered vulnerability through their psirt@adobe.com email address but have received nothing back, not even a confirmation.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 28, 2024 Jun 28, 2024

Copy link to clipboard

Copied

I have. Reported on Monday, got a reply on Friday.

"Hello,

Please be advised that the findings recently reported by Microsoft Defender regarding the use of Artifex GPL Postscript convert v6.9.9 are misidentified. Photoshop does not utilize this software tool, and therefore we are not affected by any associated vulnerabilities.
Thank you,
David
Adobe Product Security Incident Response Team"

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 28, 2024 Jun 28, 2024

Copy link to clipboard

Copied

Honestly I'm not hugely confident in that response given that (a) they call it Postscript rather than Ghostscript, and (b) they just say they don't use that software tool, therefore can't have any of the vulnerabilities, but the file in quesition is from ImageMagick, and an old enough version to have legacy vulnerabilities. 

 

I'm not saying the response is wrong, but I'd like to feel it was looked into a bit more than "nope, we don't use that tool, so we're good".

 

Screenshot 2024-06-28 at 11.56.24.png

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 28, 2024 Jun 28, 2024

Copy link to clipboard

Copied

I updated this file to the latest version (7.1.1.0) on some PC's and it's still showing up as vulnerable.

James381096270evm_0-1719586253368.png

This and the fact the dates go back years makes me think it's a red herring.
We need to know for sure though either way..

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 28, 2024 Jun 28, 2024

Copy link to clipboard

Copied

Is the updated file showing as the one that’s vulnerable in Defender? I don’t know about your setup, but I’ve fully uninstalled Photoshop on some machines and they’re still showing as vulnerable, presumably as they haven’t rescanned the file yet. It’s been very slow to update the status, which is annoying!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 28, 2024 Jun 28, 2024

Copy link to clipboard

Copied

Yep I was surprised to see, the screenshot shows both 6.9.9 and 7.1.1 show up under the same vulnerability, it made no difference.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines