Um… CVE-2024-29510 (Ghostscript format string vuln that lets RCE escape the sandbox) sounds…bad? Especially since GS is in many automagic document processing pipelines in thousands of orgs (who likely don't know it’s powering their pipelines).
https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/
boB Rudis 🇺🇦 #NeverGoingBack /
npub1ww…fs6tf
2024-07-03 11:52:02
Author Public Key
npub1ww9r2llfqa6su6pkyv8qff729e0cz8cv6xtjckz4gm3ug3v72p6stfs6tfSeen on
wss://relay.noswhere.comPublished at
2024-07-03 11:52:02Event JSON
{
"id": "77b4d36a6e3bcb52558fb5051860a3d97b473d7432ace66426269df9363b43a2",
"pubkey": "738a357fe907750e6836230e04a7ca2e5f811f0cd1972c585546e3c4459e5075",
"created_at": 1720007522,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/@hrbrmstr/112722412968709759",
"web"
],
[
"proxy",
"https://mastodon.social/users/hrbrmstr/statuses/112722412968709759",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/hrbrmstr/statuses/112722412968709759",
"pink.momostr"
],
[
"expiration",
"1722600682"
]
],
"content": "Um… CVE-2024-29510 (Ghostscript format string vuln that lets RCE escape the sandbox) sounds…bad? Especially since GS is in many automagic document processing pipelines in thousands of orgs (who likely don't know it’s powering their pipelines).\n\nhttps://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/",
"sig": "275716c2c7eab6a5a29a1db62c62b21b2f7b70d8b6da13077bc6c25a8bdb7848605f6386c819244df3c1dec430cafb02c1189fba15703d3106a03c1ea4c40bf8"
}