CVE-2024-29510 – Exploiting Ghostscript using format strings(codeanlabs.com)
codeanlabs.com
CVE-2024-29510 – Exploiting Ghostscript using format strings
https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/
9 comments
%n strikes again.
I believe that by default on osx %n is only respected if the format string is in readonly memory, I thought the default in Linux was to just ignore it?
I believe that by default on osx %n is only respected if the format string is in readonly memory, I thought the default in Linux was to just ignore it?
Friendly question given the fatigue around bs critical CVEs. Is this properly rated?
It allows full RCE from an uploaded or opened file. That seems reasonably critical to me.
Thats.. in bad faith.
If thats the qualification for "remote" then you can say that every attack is remote and it clearly isnt.
If thats the qualification for "remote" then you can say that every attack is remote and it clearly isnt.
Does this work with .pdf files? i.e. attacker uploads evil.pdf
yes, also with .eps files
The article describes the vulnerability in some detail so you don't have to rely on the rating at all. In fact, you can completely ignore any mention of CVEs lose nothing.
If I see a vulnerability in Ghostscript, I basically assume is full RCE at this point..
https://tracker.debian.org/pkg/ghostscript