Conversation

boB Rudis 🇺🇦 🇬🇱 🇨🇦 (hrbrmstr@mastodon.social), Wednesday, 03-Jul-2024 21:11:55 JST

    Um… CVE-2024-29510 (Ghostscript format string vuln that lets RCE escape the sandbox) sounds…bad? Especially since GS is in many automagic document processing pipelines in thousands of orgs (who likely don't know it’s powering their pipelines).

    https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/

    In conversation about 11 months ago from mastodon.social

    Bill Mill (llimllib@hachyderm.io), Wednesday, 03-Jul-2024 21:20:51 JST, in reply to @hrbrmstr

      @hrbrmstr The vector for us was that somebody uploaded a file with a .jpg extension that was actually an EPS (PostScript) file. A JavaScript library passed the image to ImageMagick, which detected it as a PostScript file and passed it off to Ghostscript (we had no idea it would do this), which then happily gave shell to the attacker. Madness.

      In conversation about 11 months ago
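The failure mode in the reply above is a content/extension mismatch: the upload endpoint trusted the `.jpg` name, and the converter behind it trusted the bytes. The check below is an added example, not code from either poster or from ImageMagick or Ghostscript; it sniffs the file's leading bytes and refuses anything whose content does not match an allowed raster type, with an explicit early rejection for PostScript/EPS headers. The signature table is a deliberately small assumption covering JPEG, PNG, GIF and the two common PostScript headers (ASCII `%!PS` and the DOS-EPS binary preview header `C5 D0 D3 C6`); a production service would use a full file-type library. The sample inputs at the bottom are constructed for the demo.

```python
"""Validate an image upload by its content, not its filename.

Added example for the thread above (not the posters' code). Assumes a small,
hand-written signature table; a real service would use a complete file-type
library. Sample inputs in demo() are constructed.
"""
from dataclasses import dataclass
from typing import Optional

# Leading bytes of the raster formats an image-upload endpoint means to accept.
# JPEG always begins with the SOI marker FF D8 followed by another FF marker.
RASTER_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Headers that mean "this is PostScript/EPS, whatever the name says":
# the ASCII "%!PS" comment and the DOS-EPS binary preview header C5 D0 D3 C6.
POSTSCRIPT_SIGNATURES = (b"%!PS", b"\xc5\xd0\xd3\xc6")


@dataclass
class Verdict:
    accepted: bool
    reason: str


def sniff_type(data: bytes) -> Optional[str]:
    """Return the type detected from content alone ('jpg', 'png', 'gif',
    'postscript') or None if the leading bytes match nothing we know."""
    if data.startswith(POSTSCRIPT_SIGNATURES):
        return "postscript"
    for ext, sigs in RASTER_SIGNATURES.items():
        if data.startswith(sigs):
            return "jpg" if ext == "jpeg" else ext
    return None


def validate_upload(filename: str, data: bytes) -> Verdict:
    """Accept only if the extension is allowed AND the bytes agree with it.

    PostScript content is rejected before anything else, because that is the
    input an image pipeline would otherwise delegate to Ghostscript.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in RASTER_SIGNATURES:
        return Verdict(False, f"extension {ext!r} is not an allowed image type")
    detected = sniff_type(data)
    if detected == "postscript":
        return Verdict(False, "content is PostScript/EPS; not handing it to a converter")
    expected = "jpg" if ext == "jpeg" else ext
    if detected != expected:
        return Verdict(False, f"content looks like {detected or 'unknown'}, not {expected}")
    return Verdict(True, "content matches extension")


def demo() -> dict:
    """Run the check over constructed samples; returns {label: Verdict}."""
    samples = {
        # Constructed: a genuine-looking JPEG header (SOI + APP0 marker).
        "real.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        # Constructed: an EPS file renamed to .jpg, the vector from the thread.
        "disguised.jpg": b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\n",
        # Constructed: DOS-EPS binary header, also renamed.
        "binary-eps.jpg": b"\xc5\xd0\xd3\xc6" + b"\x00" * 26,
        # Constructed: a PNG uploaded under a .jpg name (mismatch, but not PS).
        "wrong-ext.jpg": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
    }
    return {name: validate_upload(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} accepted={verdict.accepted!s:5} {verdict.reason}")
```

This is only the first layer: the converter itself should also be stopped from delegating. ImageMagick reads its `policy.xml`, and a coder policy such as `<policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />` denies the PostScript-family coders outright, so a file that slips past the upload check is still never passed to Ghostscript.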
    Bill Mill (llimllib@hachyderm.io), Wednesday, 03-Jul-2024 21:20:52 JST, in reply to @hrbrmstr

      @hrbrmstr We had this reported against us and had to fix it already! So I know it's been out in the wild.

      I didn't have time to pin it down far enough to make a proper report, unfortunately.

      In conversation about 11 months ago

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.