Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Example Analysis of remote Command execution vulnerability bypassed by ghostscript Sandbox

2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Share

Shulou(Shulou.com)06/01 Report--

This article will explain in detail the example analysis of ghostscript sandbox bypass remote command execution vulnerabilities. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

0x00 vulnerability background

On Nov. 21, Man Yue Mo, a security researcher on the Semmle team, pointed out again through semmle's official website [https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf]] that ghostscript's security sandbox can be bypassed and can cause remote command execution by constructing malicious PDF content.

Ghostscript is widely used, such as ImageMagick, python-matplotlib, libmagick and other image processing applications.

Impact of 0x01 vulnerabilities

After checking the version, 360CERT confirms that the version of commit corresponding to 9.26 RELEASE is

867deb44ce59102b3c817b8228d9cbfd9d9b1fde

So the affected version is

Version

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Vulnerabilities files versions updates commands malicious applications sandboxes tools articles impacts examples analysis security content images image processing official suggestions more vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple vpn MySQL OPPO Reno Apple Shulou Technology Shulou Information NVidia Docker Linux Huawei Xiaomi Redmi Microsoft MariaDB macOS Shulou Tech Info vpn MySQL OPPO Reno Apple Shulou Technology Shulou Information NVidia Docker Linux Huawei Xiaomi Redmi Microsoft MariaDB macOS Shulou Tech Info

Share To

Related

Internet Technology

More Internet Technology >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report