Open pdf in LO/Draw: is COOL affected by current security flaw?

See: Critical RCE found in popular Ghostscript open-source PDF library - opening maliciously crafted pdf documents may lead to privilege escalation. Can this lead to attackers breaking out of the COOL sandbox?

Collabora Online uses PDFium as PDF filter.
Even LibreOffice doesn’t use ghostscipt for PDFs, it uses Poppler (ghostscript is used for handling EPS files as far as I can see in the code).

1 Like