The format string vulnerability in the Ghostscript toolkit has already been patched, but because the package is so widely distributed, a PoC is available, and its use in attacks has been reported, users are strongly advised to update the package to version 10.03.1.
The Ghostscript interpreter allows users of Windows, Linux, macOS, and various embedded operating systems to view, print, and convert PDF and image files. It is used by ImageMagick, LibreOffice, GIMP, Inkscape, Scribus, and the CUPS print server; the package is also pre-installed in many Linux distributions.
The possibility of a format string attack (a type of code injection) in a popular product was discovered by researchers from the Dutch company Codean Labs. The corresponding notification was sent to the Ghostscript team last March.
The vulnerability, registered as CVE-2024-29510, was caused by an incorrect implementation of the -dSAFER sandbox. The sandbox is enabled by default and is supposed to prevent potentially dangerous operations (command execution), but it turned out that this protection can be circumvented by changing the format strings passed to the Uniprint logical device.
Tenable rated the finding at 6.3 CVSS v3 points (moderate severity), but some experts do not agree with this verdict. This vulnerability, like last year's CVE-2023-36664, allows arbitrary code to be executed remotely, which means that the threat rating should be higher.
The Ghostscript team fixed the new problem in May by including a patch in the 10.03.1 build. Earlier this month, Codean Labs published a PoC exploit for Linux (x86-64), and reports then emerged of CVE-2024-29510 being used in attacks. Attackers tried to use EPS (PostScript) files disguised as JPG files to gain shell access to vulnerable systems.
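A defensive check for the disguise described above, as an added example that is not part of the original post: it walks a directory and reports files that carry an image extension but begin with a PostScript/EPS signature. The function names, the extension list and the sample files are constructed for illustration.

```python
import os
import tempfile

# Well-known leading bytes: JPEG, then text PostScript/EPS ("%!"),
# the Ctrl-D-prefixed variant, and the binary (DOS) EPS header.
JPEG_MAGIC = b"\xff\xd8\xff"
POSTSCRIPT_MAGICS = (b"%!", b"\x04%!", b"\xc5\xd0\xd3\xc6")
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}  # assumed upload allow-list


def sniff(head: bytes) -> str:
    """Classify content from its first bytes, ignoring the file name."""
    if head.startswith(POSTSCRIPT_MAGICS):
        return "postscript"
    if head.startswith(JPEG_MAGIC):
        return "jpeg"
    return "other"


def find_disguised_postscript(root: str) -> list[str]:
    """Return image-named files under root whose content is PostScript/EPS."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in IMAGE_EXTENSIONS:
                continue  # honestly named .eps/.ps files are out of scope here
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if sniff(head) == "postscript":
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def build_samples(root: str) -> None:
    """Write constructed sample files (not real attack samples) into root."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
        "invoice.jpg": b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\n",
        "scan.JPEG": b"\xc5\xd0\xd3\xc6" + b"\x00" * 26,
        "figure.eps": b"%!PS-Adobe-3.0 EPSF-3.0\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        print(find_disguised_postscript(tmp))
```

A hit means the file would be handed to a PostScript interpreter by any tool that identifies content by signature rather than by name, so such files should be quarantined before they reach a conversion pipeline.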