CyberVeille.ch23h ago

📢 ImageMagick : chaîne de zero-days permettant RCE sur toutes les politiques de sécurité
📝 ## 🔍 Contexte

Publié le 02/04/2026 par Octagon Networks sur pwn.ai, cet article détaille une recherche offensive...
📖 cyberveille : https://cyberveille.ch/posts/2026-02-04-imagemagick-chaine-de-zero-days-permettant-rce-sur-toutes-les-politiques-de-securite/
🌐 source : https://pwn.ai/blog/imagemagick-from-arbitrary-file-read-to-rce-in-every-policy-zeroday
#GhostScript #IOC #Cyberveille

ImageMagick : chaîne de zero-days permettant RCE sur toutes les politiques de sécurité

🔍 Contexte Publié le 02/04/2026 par Octagon Networks sur pwn.ai, cet article détaille une recherche offensive autonome menée par l’agent IA pwn.ai pendant près de 5 jours, initiée lors d’un engagement client sur une application web minimaliste dont la seule surface d’attaque était une boîte d’upload traitant les fichiers via ImageMagick. 🎯 Découvertes principales La recherche a abouti à la découverte de multiples zero-days dans ImageMagick affectant toutes les distributions Linux majeures (Ubuntu 22.04, Debian, Fedora, RHEL, Arch, Alpine, Amazon Linux, macOS Homebrew, Docker) ainsi que les installations WordPress.

CyberVeille
Show threadRobert WolffMar 24

“Secure #redaction by design and through extensive #testing

#Censor 0.6.0 comes with many more #security improvements, motivated by extensive testing on more then 1,000 #PDF document samples. You may now redact securely also links, form fields and widgets. In rare cases, when partial image redaction fails, the more secure full image removal is used instead.

But even more important, Censor now warns you, when unsuccessful redaction is detected during postprocessing. This reduces the impact of known issues of unsecure redaction.

Polish is the 11th language you may speak with Censor. Thanks to its translators (among them, @mondstern)!

Thanks a lot also to #pypdf, #qpdf, #pikepdf, #Ghostscript, #MuPDF, #PyMuPDF, and #poppler contributors for the great resource of PDF document samples!

Find it at @flathub: https://flathub.org/apps/page.codeberg.censor.Censor and @Codeberg: https://codeberg.org/censor/Censor

#Censorship #Codeberg #Flathub #GNOME #Linux #Python

Install Censor on Linux | Flathub

Redact PDF documents

Patchday RobotMar 17
New Version: Artifex #Ghostscript 10.07.0 (stable;x86-64) #GS https://ghostscript.com/releases/gsdnld.html
Ghostscript : Releases

Download the latest Ghostcript releases.

Patchday RobotMar 17
New Version: Artifex #Ghostscript 10.07.0 (stable;x86) #GS https://ghostscript.com/releases/gsdnld.html
Ghostscript : Releases

Download the latest Ghostcript releases.

Patch Notification Robot 🔔Mar 16
Artifex Software released #Ghostscript version 10.07.0. https://www.ghostscript.com/releases/gsdnld.html
Ghostscript : Releases

Download the latest Ghostcript releases.

Show threadRobert WolffMar 16

That said and celebrated ;), there are things that #Censor is not yet well redacting.

The upstream library #MuPDF (with its #Python bindings in #PyMuPDF) supports by default only redaction of text, vector graphics and images. Testing on a variety of PDF files (thanks to #pypdf, #qpdf, #ghostscript, and their issue reporters, as well as @pdfarranger for their hint) let me discover that some vector graphics are not properly redacted and an upstream issue has been reported for that.

Also, form fields (widgets), signatures and links may be incompletely redacted.

You can find an updated list of “What is redacted? What not?” here: https://codeberg.org/censor/Censor/issues/120

#pdf #redaction #security

meta: What is redacted? What not?

> **Warning** > The following description is **not** valid for Censor until version 0.4.0. I recommend to update to [version 0.5.0](https://codeberg.org/censor/Censor/releases/tag/v0.5.0) for secure redaction. ## Elements under redaction rectangles - [x] Text: - characters are removed when ...

Codeberg.org
Show threadhalf/byteJan 29

'ere you go:

https://jan.krutisch.de/en/2026/01/26/using-ghostscript-on-ubuntu.html

#Ghostscript #Ubuntu #Apparmor #ZUGFeRD

Jan Krutisch - Using Ghostscript on Ubuntu

Show threadhalf/byteJan 29

I fixed my issue. This is incredibly dumb. Ubuntu's Apparmor restricted the file extensions ghostscript was able to read. And, lo and behold, both XML and ICC (Color profiles) were not in that list.

This MUST be a bug, now where to report it to?

I learned a thing or two about postscript and ghostscript on the way. Not sure I needed that but here we are.

I'll turn this into a quick blog post.

#Ubuntu #Ghostscript #ZUGFeRD

Show threadAndreas AlbrechtJan 22
@gborn Ich würde mich freuen, in weiteren Teilen des Beitrags würde nicht nur #Fakturama beleuchtet. Die von mir lizenzierte Fachsoftware (leider unter Windows) erzeugt mittlerweile #XRechnung•en (noch nicht fehlerfrei). Ich hätte gern etwas (ein Skript?), das aus dem PDF/A und der XML ein #ZUGFeRD-PDF macht. Gibt's das? Geht das mit #Ghostscript? Würde es jemand für kleines Geld schreiben?
OSTechNixJan 7

Learn how to convert man pages to PDF using man -t and ps2pdf. Complete guide with commands for Linux, BSD, and macOS.

Read the full guide here: https://ostechnix.com/print-export-man-pages-pdf-linux-unix/

#Manualpages #manpage #pdf #ps2pdf #Ghostscript #Postscript #mandoc #Linux #Unix #Bsd #Macos #Linuxcommands #Linuxbasics #Linuxhowto #Sysadmin #Linuxadmin

How to Print and Export Man Pages to PDF in Linux and Unix - OSTechNix

Learn how to convert man pages to PDF using man -t and ps2pdf. Complete guide with commands for Linux, BSD, and macOS.

OSTechNix