This vulnerability was resolved in Ghostscript 9.24, shipped September 3, 2018 and WebGrabber 8.1.0 December 20, 2018. 

The ActivePDF WebGrabber deployment of Ghostscript is not affected by VU#332928.

ActivePDF WebGrabber provides two engines for converting HTML to PDF. 

  • The Native engine does not utilized Ghostscript. 
  • The Internet Explorer engine does deploy GS to print the PDF.
    • The WebGrabber IE engine does not utilize the Ghostscript -dSAFER functionality
    • Vulnerability Note VU#332928 does not apply.

However, if you only use the Native engine and would like to remove Ghostscript, you may delete the Ghostscript dll from the WebGrabber installation- C:\Program Files\ActivePDF\P3Rest\Agents\gs32.dll

How do I tell which engine my application is using?
Check the code to see which engine is in use:

  • oWG.EngineToUse = APWebGrabberInterface.ConversionEngine.IE;   //IE engine use in .NET
  • oWG.EngineToUse = 1   ‘ IE engine use in COM, 0 = Native, 1 = IE
  • If the EngineToUse is not explicitly stated in the code, then it is defined in the Configuration manager. See image.
  • Note that the source code overrides the Configuration Manager, so check the source code first.
  • The default installation uses only the Native engine.