The information security community is buzzing with discussions about a vulnerability in Ghostscript, which some experts believe could lead to significant breaches in the coming months.
Ghostscript, a Postscript and Adobe PDF interpreter, allows users on various platforms including *nix, Windows, macOS, and several embedded operating systems to view, print, and convert PDFs and image files. It is commonly installed by default in many distributions and is also utilized by other packages for printing or conversion tasks.
This vulnerability, identified as CVE-2024-29510 and given a CVSS score of 5.5 (medium) by Tenable, was first reported to the Ghostscript team in March and was addressed in the April release of version 10.03.1. However, the researcher’s blog post that uncovered this flaw has recently sparked widespread interest.
Thomas Rinsma, the lead security analyst at Codean Labs in the Netherlands, discovered a method to achieve remote code execution (RCE) on systems running Ghostscript by bypassing the -dSAFER sandbox. Rinsma highlighted the potential impact on web applications and services that use Ghostscript for document conversion and preview functionalities.
Ghostscript’s extensive use in various applications, such as cloud storage preview images, chat programs, PDF conversion, printing, and optical character recognition (OCR) workflows,
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: