We found #CVE-2024-29510, a format string vulnerability in Ghostscript ≤ 10.03.0. It enables attackers to gain code execution while also bypassing all sandbox protections.
This vulnerability has a significant impact on web applications and other services offering document conversion and preview functionality, as these often use #Ghostscript under the hood and an attacker can easily get #RCE. Ensure you are running the latest version!
https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation
CVE-2024-29510 - Exploiting Ghostscript using format strings — Codean Labs
A format string vulnerability in Ghostscript ≤ 10.03.0 that enables attackers to gain Remote Code Execution (#RCE) while also bypassing sandbox protections. CVE-2024-29510 has a significant impact on web applications and other services offering document conversion and preview functionality, as these often use Ghostscript under the hood. We recommend verifying whether your solution (indirectly) makes use of Ghostscript and, if so, updating it to the latest version!
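One way to act on the recommendation above, as an added example (not code from Codean Labs or the Ghostscript project): a POSIX shell check that compares a `gs` binary's reported version against the affected range the post gives (≤ 10.03.0). The function names `gs_version_affected` and `gs_report` are hypothetical.

```shell
#!/bin/sh
# Added example: flag Ghostscript versions in the range named in the post (<= 10.03.0).

# Strip leading zeros so a component like "03" or "08" compares as a decimal number.
_num() {
    n=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s' "${n:-0}"
}

# gs_version_affected VERSION
# Exit status: 0 = VERSION <= 10.03.0, 1 = newer, 2 = not a dotted numeric version.
gs_version_affected() {
    case "$1" in
        *[!0-9.]*) return 2 ;;      # anything other than digits and dots
        [0-9]*.[0-9]*) ;;           # e.g. "10.03.0" or the older two-part "9.27"
        *) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots into $1 $2 $3
    IFS=$old_ifs
    maj=$(_num "$1"); min=$(_num "${2:-0}"); pat=$(_num "${3:-0}")
    # Compare with 10.03.0 one component at a time.
    [ "$maj" -lt 10 ] && return 0
    [ "$maj" -gt 10 ] && return 1
    [ "$min" -lt 3 ] && return 0
    [ "$min" -gt 3 ] && return 1
    [ "$pat" -le 0 ] && return 0
    return 1
}

# gs_report [BINARY]: query a gs binary (default: "gs" on PATH) and print a verdict.
gs_report() {
    bin=${1:-gs}
    command -v "$bin" >/dev/null 2>&1 || { echo "$bin: not found"; return 3; }
    ver=$("$bin" --version 2>/dev/null)
    gs_version_affected "$ver"
    case $? in
        0) echo "$bin $ver: in affected range (<= 10.03.0), update"; return 1 ;;
        1) echo "$bin $ver: newer than 10.03.0"; return 0 ;;
        *) echo "$bin: could not parse version '$ver'"; return 2 ;;
    esac
}
```

Source the file and call `gs_report`, or `gs_report /path/to/gs` for a bundled copy. This only covers binaries you point it at; Ghostscript linked as a library or shipped inside container images and conversion tools needs to be checked in those artifacts.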