Hacker News
CVE-2024-29510 – Exploiting Ghostscript using format strings (codeanlabs.com)
41 points by ThomasRinsma on July 2, 2024 | 9 comments


For v10.03 or less, from the article... patched in Debian systems last May?

https://tracker.debian.org/pkg/ghostscript


%n strikes again.

I believe that by default on OS X %n is only respected if the format string is in read-only memory; I thought the default in Linux was to just ignore it?


Friendly question given the fatigue around bs critical CVEs. Is this properly rated?


It allows full RCE from an uploaded or opened file. That seems reasonably critical to me.


That's... in bad faith.

If that's the qualification for "remote" then you can say that every attack is remote, and it clearly isn't.


Does this work with .pdf files? i.e. attacker uploads evil.pdf


Yes, also with .eps files.


The article describes the vulnerability in some detail so you don't have to rely on the rating at all. In fact, you can completely ignore any mention of CVEs and lose nothing.


If I see a vulnerability in Ghostscript, I basically assume it's full RCE at this point...



