Memory Corruption and Sandbox Bypass Vulnerability in Artifex Ghostscript
Summary
The vulnerability CVE-2024-29510 affects Artifex Ghostscript before version 10.03.1, allowing memory corruption and sandbox bypass through format string injection with a uniprint device. This vulnerability poses a medium risk and has the potential to allow an attacker to execute arbitrary code. It affects Linux operating systems, as well as Fedora Linux, SUSE Linux, and Open Source Ghostscript. There is no evidence of exploitation of this vulnerability by ransomware groups at the moment. Various security advisories and updates have been released by different vendors to address this vulnerability, and affected users are advised to install the relevant patches promptly.
News Articles
最新的Ghostscript漏洞困扰着专家,成为下一个重大漏洞的推动者
信息安全圈充斥着关于Ghostscript漏洞的讨论,一些专家认为,这可能是未来几个月发生几起重大泄密事件的原因。 Ghostscript是一个Postscript和Adobe PDF解释器,允许*nix, Windows, MacOS和各种嵌入式操作系统和平台的用户查看,打印和转换PDF和图像文件。它是许多发行版的默认安装,其他包也间接使用它来支持打印或转换操作。 追踪为CVE-2024-29510...
3 months ago
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
CISA warns of actively exploited vulnerability in GeoServer GeoTools. Critical flaw allows remote code execution. Users urged to patch immediately.
3 months ago
Bug RCE no Ghostscript está sendo explorado em ataques
Afetando todas as instalações do Ghostscript 10.03.0 e anteriores, um bug RCE no Ghostscript está sendo explorado em ataques.
4 months ago
Timeline
- 👾
Exploit exists.
Vulnerability published.
First article discovered by Sentiguard