hrbrmstr: @awpiii.bsky.social G'day Sunshine! If you have any mates you still engage w/back @ the old ranch, mebbe let them know abt CVE-2024-29510 b/c you know what I know w/r/t where ghostscript is there. codeanlabs.com/blog/researc...

@awpiii.bsky.social G'day Sunshine! If you have any mates you still engage w/back @ the old ranch, mebbe let them know abt CVE-2024-29510 b/c you know what I know w/r/t where ghostscript is there. codeanlabs.com/blog/researc...

CVE-2024-29510 - Exploiting Ghostscript using format strings — Codean Labscodeanlabs.com A format string vulnerability in Ghostscript ≤ 10.03.0 which enables attackers to gain Remote Code Execution (#RCE) while also bypassing sandbox protections. CVE-2024-29510 has significant impact on w...

Oooh. DMs available now. Excellent.

I’ll confer with the usual suspect.

@awpiii.bsky.social RedHat and Tenable are low-balling this (RedHat won't fix it, too) and both borked their vector strings (NVD is broken and has no assessment). This is gonna hurt *alot* of orgs. I have info of one known/successful attachment processing pipeline already.

Post