Ghostscript sandbox escape enabling RCE via malicious EPS/PDF files. Widely exploited through image processing pipelines (ImageMagick, LibreOffice, email attachments). Update Ghostscript and disable Ghostscript in your document processing pipeline if possible.
Artifex Ghostscript through 2017-04-26 allows -dSAFER sandbox bypass via a crafted .eps file with a format string in a /OutputFile redirect, exploiting the osprintf function.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →