"RCE Bug in Widely Used Ghostscript Library Now Exploited in Attacks"

Attackers are exploiting a Remote Code Execution (RCE) vulnerability in a Linux-wide Ghostscript document conversion toolkit. Ghostscript is pre-installed on many Linux distributions and is used by ImageMagick, LibreOffice, GIMP, Inkscape, Scribus, and the CUPS printing. All Ghostscript 10.03.0 and earlier installations are vulnerable to this format string flaw. Unpatched Ghostscript versions fail to prevent changes to uniprint device argument strings after the sandbox is activated, allowing attackers to escape the default -dSAFER sandbox. This article continues to discuss the potential exploitation and impact of the RCE vulnerability in the Ghostscript document conversion toolkit.

BleepingComputer reports "RCE Bug in Widely Used Ghostscript Library Now Exploited in Attacks"

Submitted by grigby1

Submitted by grigby1 CPVI on