Latest Ghostscript vulnerability haunts experts as the next big breach enabler
Infosec experts warn of critical Ghostscript vulnerability CVE-2024-29510 allowing RCE. Despite medium severity rating, exploit could lead to severe impacts like file manipulation. Urgent patching advised to prevent breaches.
Read original article
Infosec experts are warning about a critical vulnerability in Ghostscript, a widely used Postscript and Adobe PDF interpreter. Tracked as CVE-2024-29510, the vulnerability allows remote code execution (RCE) after bypassing the default sandbox. The flaw was reported in March and fixed in April's version 10.03.1. Ghostscript is integral to various web applications and services for document conversion and preview functionalities. Despite being initially rated as medium severity, experts argue that the exploit could have a more severe impact, potentially allowing attackers to read, write files, and achieve RCE on affected systems. The vulnerability has raised concerns about inaccurate severity assessments by organizations like Tenable and Red Hat, with some experts believing the exploit could be more severe than the assigned CVSS score of 5.5. This is the second significant RCE vulnerability in Ghostscript within a year, emphasizing the importance of promptly applying patches to mitigate the risk of potential breaches. Organizations are urged to prioritize addressing this vulnerability to prevent exploitation.
Related
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
MOVEit Transfer: Auth bypass and a look at exposure
Progress Software disclosed two critical authentication bypass CVEs affecting MOVEit Transfer and Gateway products on June 25, 2024. CVE-2024-5806 was upgraded from High to Critical. Censys reported 2,700 instances concentrated in the US, emphasizing ongoing vigilance.
RegreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems
A vulnerability in OpenSSH's server on glibc-based Linux systems (CVE-2024-6387) allows remote code execution. Exploiting this flaw requires precise timing. The advisory discusses exploitation details, success rates, and contacting developers for related issues.
Remote Unauthenticated Code Execution in OpenSSH Server
Qualys found regreSSHion, a critical RCE flaw in OpenSSH on glibc-based Linux systems. Over 14 million servers are at risk, with potential root access. Qualys created an exploit but delays release for patching.
CVE-2024-29510 – Exploiting Ghostscript using format strings
A format string vulnerability in Ghostscript up to version 10.03.0 allows code execution by bypassing the -dSAFER sandbox. Security experts urge updating to prevent potential remote code execution risks.
1 commentsRelated
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
MOVEit Transfer: Auth bypass and a look at exposure
Progress Software disclosed two critical authentication bypass CVEs affecting MOVEit Transfer and Gateway products on June 25, 2024. CVE-2024-5806 was upgraded from High to Critical. Censys reported 2,700 instances concentrated in the US, emphasizing ongoing vigilance.
RegreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems
A vulnerability in OpenSSH's server on glibc-based Linux systems (CVE-2024-6387) allows remote code execution. Exploiting this flaw requires precise timing. The advisory discusses exploitation details, success rates, and contacting developers for related issues.
Remote Unauthenticated Code Execution in OpenSSH Server
Qualys found regreSSHion, a critical RCE flaw in OpenSSH on glibc-based Linux systems. Over 14 million servers are at risk, with potential root access. Qualys created an exploit but delays release for patching.
CVE-2024-29510 – Exploiting Ghostscript using format strings
A format string vulnerability in Ghostscript up to version 10.03.0 allows code execution by bypassing the -dSAFER sandbox. Security experts urge updating to prevent potential remote code execution risks.