CVE-2024-33871 is a critical vulnerability identified in Artifex Ghostscript, a widely used interpreter for PostScript and PDF files, affecting versions before 10.03.1. The vulnerability resides in the contrib/opvp/gdevopvp.c source file, specifically in the handling of the Driver parameter for opvp and oprp devices. This parameter can be manipulated to specify an arbitrary dynamic library name, which Ghostscript then loads without sufficient validation or sanitization. An attacker can craft a malicious PostScript document embedding this parameter to trigger the loading of a malicious dynamic library, resulting in arbitrary code execution within the context of the Ghostscript process. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code), indicating that it allows injection and execution of untrusted code. The CVSS v3.1 base score is 8.8, reflecting high severity due to network attack vector, low attack complexity, no privileges required, but requiring user interaction (opening the malicious file). The impact includes full compromise of confidentiality, integrity, and availability of affected systems. Although no public exploits are currently known, the ease of exploitation and the critical nature of the flaw make it a significant threat, especially in environments where Ghostscript processes untrusted documents. The lack of an official patch at the time of disclosure necessitates immediate mitigation steps.

The vulnerability enables remote attackers to execute arbitrary code on systems running vulnerable versions of Ghostscript by tricking users into opening crafted PostScript documents. This can lead to complete system compromise, including data theft, system manipulation, and disruption of services. Organizations relying on Ghostscript for document rendering or conversion, especially in automated workflows or exposed services, face risks of malware deployment, ransomware infection, or lateral movement within networks. The broad use of Ghostscript in printing, document management, and PDF processing tools amplifies the potential attack surface. Confidentiality is at risk due to possible data exfiltration, integrity is compromised by unauthorized code execution, and availability can be affected by destructive payloads or system crashes. The requirement for user interaction limits automated exploitation but does not eliminate risk in environments where users frequently handle PostScript files. The absence of known exploits in the wild currently reduces immediate threat but does not preclude rapid weaponization given the vulnerability's characteristics.

Organizations should immediately upgrade to Ghostscript version 10.03.1 or later once available to address this vulnerability. Until patches are applied, implement strict controls on the handling of PostScript documents, including blocking or sandboxing untrusted PostScript files. Employ application whitelisting to prevent loading of unauthorized dynamic libraries. Disable or restrict the use of opvp and oprp devices within Ghostscript configurations if not required. Monitor systems for unusual dynamic library loading or process behavior indicative of exploitation attempts. Educate users to avoid opening unsolicited or suspicious PostScript documents. Network-level defenses such as email filtering and endpoint protection should be tuned to detect and block malicious PostScript content. Consider deploying runtime application self-protection (RASP) or behavior-based detection to identify exploitation attempts. Maintain up-to-date backups and incident response plans to mitigate potential damage from successful attacks.