Active exploitation of Ghostscript RCE underway

SecurityWeek reports that intrusions involving the exploitation of a format string injection vulnerability in the widely used general document conversion toolkit Ghostscript, which could be used to achieve remote code execution, have already been ongoing.

Attackers could leverage the flaw, tracked as CVE-2024-29510, via image and document processors to evade Ghostscript's sandbox, execute shell commands, leak stack-based data, and achieve memory corruption, indicating a "significant impact" on web apps and other services with document conversion capabilities, according to Codean Labs, which discovered and developed a proof-of-concept exploit for the bug. Immediate remediation of the security issue has been recommended by Codean and other security experts. "The best mitigation against this vulnerability is to update your installation of Ghostscript to v10.03.1. If your distribution does not provide the latest Ghostscript version, it might still have released a patch version containing a fix for this vulnerability," said Codean.

