9 comments

[ 5.8 ms ] story [ 40.1 ms ] thread
Friendly question given the fatigue around bs critical CVEs. Is this properly rated?
The article describes the vulnerability in some detail so you don't have to rely on the rating at all. In fact, you can completely ignore any mention of CVEs lose nothing.
It allows full RCE from an uploaded or opened file. That seems reasonably critical to me.
Does this work with .pdf files? i.e. attacker uploads evil.pdf
Thats.. in bad faith.

If thats the qualification for "remote" then you can say that every attack is remote and it clearly isnt.

If I see a vulnerability in Ghostscript, I basically assume is full RCE at this point..
%n strikes again.

I believe that by default on osx %n is only respected if the format string is in readonly memory, I thought the default in Linux was to just ignore it?