Security News > 2024 > July > RCE bug in widely used Ghostscript library now exploited in attacks
A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks.
Ghostscript comes pre-installed on many Linux distributions and is used by various document conversion software, including ImageMagick, LibreOffice, GIMP, Inkscape, Scribus, and the CUPS printing system.
Ps While the Ghostscript development team patched the security flaw in May, Codean Labs published a write-up with technical details and proof-of-concept exploit code two months later.
Attackers are already exploiting the CVE-2024-29510 Ghostscript vulnerability in the wild, using EPS files camouflaged as JPG files to get shell access to vulnerable systems.
"The best mitigation against this vulnerability is to update your installation of Ghostscript to v10.03.1. If your distribution does not provide the latest Ghostscript version, it might still have released a patch version containing a fix for this vulnerability," Codean Labs added.
One year ago, the Ghostscript developers patched another critical RCE flaw also triggered by opening maliciously crafted files on unpatched systems.
News URL
Related news
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-03 | CVE-2024-29510 | Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. | 0.0 |