MadDud (14)
Last Login: March 30, 2024
MadDud's Latest (5) Contributions
Technical Analysis
Remote code execution in Ghostscript can be triggered by parsing a malicious PostScript (EPS) file.
Ghostscript is very widely deployed alongside ImageMagick, which uses it to parse uploaded files when generating thumbnails or converting them to other formats.
9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
At risk
All versions older than 10.01.0
Mitigation
Update to 10.01.0
Detection
Proof of Concept
Technical Analysis
ImageMagick 7.1.0-49 is vulnerable to information disclosure when it processes a malicious PNG file.
“A malicious actor could craft a PNG or use an existing one and add a textual chunk type (e.g., tEXt). These types have a keyword and a text string. If the keyword is the string ‘profile’ (without quotes) then ImageMagick will interpret the text string as a filename and will load the content as a raw profile, then the attacker can download the resized image which will come with the content of a remote file.”
At risk
ImageMagick 7.1.0-49
Mitigation
Patch to version 7.1.0-52 or higher
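As an added example, not part of the original analysis, the following defender-side check walks the chunks of a PNG and flags any textual chunk (tEXt, zTXt, iTXt) whose keyword is "profile", the condition the quoted description identifies. The sample PNG is constructed inline; the file path placed in it is a placeholder, not a real path.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# All three textual chunk types begin with a NUL-terminated keyword.
TEXT_CHUNK_TYPES = {b"tEXt", b"zTXt", b"iTXt"}


def iter_chunks(data: bytes):
    """Yield (chunk type, payload) for every chunk; reject non-PNG or truncated input."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + length]
        if len(payload) != length:
            raise ValueError("truncated chunk %r" % ctype)
        yield ctype, payload
        pos += 12 + length  # 4-byte length + 4-byte type + payload + 4-byte CRC
        if ctype == b"IEND":
            break


def find_profile_chunks(data: bytes):
    """Return [(chunk type, text)] for textual chunks whose keyword is exactly 'profile'."""
    hits = []
    for ctype, payload in iter_chunks(data):
        if ctype not in TEXT_CHUNK_TYPES:
            continue
        keyword, _, rest = payload.partition(b"\x00")
        if keyword == b"profile":
            hits.append((ctype.decode("ascii"), rest.decode("latin-1", "replace")))
    return hits


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_sample_png(text_chunks) -> bytes:
    """Constructed 1x1 8-bit grayscale PNG carrying the given (keyword, text) tEXt chunks."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # width, height, bit depth, colour type...
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte + one pixel
    body = _chunk(b"IHDR", ihdr)
    for keyword, text in text_chunks:
        body += _chunk(b"tEXt", keyword + b"\x00" + text)
    return PNG_SIGNATURE + body + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")
```

A thumbnail pipeline can run `find_profile_chunks` on an upload before handing it to ImageMagick and reject or quarantine anything that returns a non-empty list.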
Technical Analysis
A proof of concept for the XSS attack is publicly available.
This is an XSS attack that does not require authentication to plant the payload, but it does require user interaction (visiting a page in the web interface) to trigger it.
Original tweet: https://twitter.com/ptswarm/status/1408050644460650502
Copy of tweet (screenshot) and analysis https://www.tenable.com/blog/cve-2020-3580-proof-of-concept-published-for-cisco-asa-flaw-patched-in-october
Technical Analysis
Proof of Concept
https://github.com/lockedbyte/CVE-Exploits/tree/master/CVE-2021-3156