科技回声

Great writeup. The more I learn about GhostScript / PostsScript / PDF‘s in general, the more I‘m amazed that such a complicated system can produce simple documents that are relied upon by billions of people.<p>I feel when like compared to a lot of other consumer facing software, PDF‘s are an incredible achievement. 99% of the time, a PDF will look and work the exact same to every user regardless of their environment. They can be editable at the exact needed places and when I print them, I can be sure the result will look exactly as I expect.<p>The only gripe I have with them is that while I can easily specify input fields, easily extracting that data isn‘t always as reliable.

This is the most perfectly named CVE.

Kind of horrifying to hear ghostscript is being invoked on untrusted inputs via the web... that program must have an endless supply of RCEs if one just looks.

So maybe this is off topic, but is anyone going around with GPT-4 to re-examine every single public source code for more new exploits yet?

This is the most perfectly named CVE.

Kind of horrifying to hear ghostscript is being invoked on untrusted inputs via the web... that program must have an endless supply of RCEs if one just looks.

So maybe this is off topic, but is anyone going around with GPT-4 to re-examine every single public source code for more new exploits yet?

Shell in the Ghost: Ghostscript CVE-2023-28879 writeup

4 条评论

Shell in the Ghost: Ghostscript CVE-2023-28879 writeup

4 条评论