Follow

If you have ghostscript *anywhere* in your production services, you are probably vulnerable to a shockingly trivial remote shell execution, and you should upgrade it or remove it from your production systems.

codeanlabs.com/blog/research/c

One thing to note is that imagemagick will automatically forward postscript files to ghostscript, so if you are using imagemagick anywhere you are probably vulnerable. (If you are using javascript libraries to process images, you probably are!)

· · Elk · 5 · 34 · 21