This vulnerability was resolved in Ghostscript 9.24, shipped September 3, 2018, and in WebGrabber 8.1.0, shipped December 20, 2018.
The ActivePDF WebGrabber deployment of Ghostscript is not affected by VU#332928.
ActivePDF WebGrabber provides two engines for converting HTML to PDF.
- The Native engine does not utilize Ghostscript.
- The Internet Explorer engine does deploy Ghostscript (GS) to print the PDF.
- The WebGrabber IE engine does not utilize the Ghostscript -dSAFER functionality.
- Vulnerability Note VU#332928 does not apply.
However, if you only use the Native engine and would like to remove Ghostscript, you may delete the Ghostscript DLL from the WebGrabber installation: C:\Program Files\ActivePDF\P3Rest\Agents\gs32.dll
How do I tell which engine my application is using?
Check the code to see which engine is in use:
- oWG.EngineToUse = APWebGrabberInterface.ConversionEngine.IE; //IE engine use in .NET
- oWG.EngineToUse = 1 ' IE engine use in COM, 0 = Native, 1 = IE
- If the EngineToUse is not explicitly stated in the code, then it is defined in the Configuration Manager.
- Note that the source code overrides the Configuration Manager, so check the source code first.
- The default installation uses only the Native engine.
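The source check described above can be automated across a code base. The following is an added example, not ActivePDF code: it looks for live (uncommented) EngineToUse assignments in the two forms shown above and reports which engine they select. The file extensions, function names and sample lines are assumptions made for illustration.

```python
import re
from pathlib import Path

# Assignment to the EngineToUse property in the .NET or COM form shown above.
ASSIGN = re.compile(r"\.EngineToUse\s*=\s*([A-Za-z_][\w.]*|\d+)")
SOURCE_EXT = {".cs", ".vb", ".vbs", ".asp", ".aspx"}  # assumed extensions
# Constructed sample input, not taken from a real application.
SAMPLE = "oWG.EngineToUse = 0 ' Native\n' oWG.EngineToUse = 1\n"

def classify(value):
    """Map an assigned value to 'IE', 'Native' or 'unknown'."""
    if value == "1" or value.endswith("ConversionEngine.IE"):
        return "IE"
    if value == "0":
        return "Native"
    return "unknown"  # variable or other enum member: review by hand

def scan_text(text):
    """Return [(line_number, engine)] for each live EngineToUse assignment."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        code = re.split(r"//|'", line, maxsplit=1)[0]  # drop C#/VB comments
        match = ASSIGN.search(code)
        if match:
            findings.append((number, classify(match.group(1))))
    return findings

def verdict(findings):
    """Summarise the findings for one application."""
    engines = {engine for _, engine in findings}
    if not engines:
        return "not set in code: check Configuration Manager"
    if "IE" in engines:
        return "IE engine in use: Ghostscript is required"
    if "unknown" in engines:
        return "review assignments by hand"
    return "Native engine only"

def scan_tree(root):
    """Scan every source file under root; returns {path: findings}."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SOURCE_EXT:
            found = scan_text(path.read_text(errors="replace"))
            if found:
                results[str(path)] = found
    return results

if __name__ == "__main__":
    print(verdict(scan_text(SAMPLE)))
```

Only a "Native engine only" result, combined with a Configuration Manager that is also set to Native, indicates that gs32.dll is unused.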