Thanks for the reminder, have you seen any samples for infection in the wild for this vulnerability?
No, but "ghostbutt" and "imagetragick" are two similar vulnerabilities that were found in the wild.
so end of sabbatical :p ?
Hah, yes, slowly getting back up to speed!

Does this have a #CVE? Pretty classic exposure vulnerability.
You mean a CVE for not disabling ghostscript coders in ImageMagick? No, but that's a good idea! Can you help allocate one?

Any ideas how to craft a PDF PoC? I haven't succeeded with it yet :(
I mean, is it possible to create a valid PDF file with a PS part?
I asked myself how. After a bit of googling (at least for ImageMagick): add <policy domain="coder" rights="none" pattern="{PS,EPS,PDF,XPS}" /> to /etc/ImageMagick-6/policy.xml. It was missing on my current Ubuntu 18.04 (upgraded).
Warning: I did a find on / and discovered a separate policy.xml for Inkscape: /snap/inkscape/4274/etc/ImageMagick-6/policy.xml. Unfortunately I can't edit it, even with sudo! I don't know much about snaps, so I'm not sure how to get at it.
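An added example (not from the thread or from ImageMagick): a Python check that reports which of the Ghostscript-backed coders named in the post above a policy.xml still leaves enabled, so every copy on a host can be audited, including bundled ones. The sample policies are constructed, the glob locations generalise the two paths mentioned above, and treating any coder entry whose rights are not "none" as re-enabling that coder is a conservative assumption about rule precedence.

```python
import fnmatch
import glob
import re
import xml.etree.ElementTree as ET

GHOSTSCRIPT_CODERS = ("PS", "EPS", "PDF", "XPS")  # coder list from the post above

# Constructed samples: one policy that misses PDF/XPS, one with the full pattern.
SAMPLE_WEAK = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="{PS,EPS}"/>
</policymap>"""
SAMPLE_FIXED = SAMPLE_WEAK.replace('"{PS,EPS}"', '"{PS,EPS,PDF,XPS}"')

def expand_braces(pattern):
    """Expand {A,B,C} alternation in a policy pattern into plain globs."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(head + alt.strip() + tail))
    return out

def unblocked_coders(policy_xml):
    """Return the Ghostscript-backed coders that the policy does not fully deny."""
    root = ET.fromstring(policy_xml)
    denied, granted = set(), set()
    for pol in root.iter("policy"):
        if pol.get("domain", "").lower() != "coder":
            continue
        rights = pol.get("rights", "").strip().lower()
        globs = [g.upper() for g in expand_braces(pol.get("pattern", ""))]
        for coder in GHOSTSCRIPT_CODERS:
            if any(fnmatch.fnmatchcase(coder, g) for g in globs):
                (denied if rights == "none" else granted).add(coder)
    # Assumption: a coder counts as blocked only if denied and never re-granted.
    return [c for c in GHOSTSCRIPT_CODERS if c not in denied or c in granted]

if __name__ == "__main__":
    # Assumed locations: the system copy plus any copies bundled inside snaps.
    paths = glob.glob("/etc/ImageMagick*/policy.xml")
    paths += glob.glob("/snap/*/*/etc/ImageMagick*/policy.xml")
    for path in sorted(paths):
        with open(path, "rb") as fh:
            left = unblocked_coders(fh.read())
        print(path, "OK" if not left else "still enabled: " + ",".join(left))
```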