Done some variant analysis with the Ghostscript RCEs that @taviso found in the last few months and ended up finding another -dSAFER bypass RCE, plus some type confusions, one of which is also a proper RCE. All patched in 9.26. Write-ups coming soon. https://youtu.be/20yfCccIORE?list=PL4nLCsS1XswwqIa4di5NHxbh0xAHQ-xgw …
Thanks! I've agreed with the vendor to not publish the details for a couple of weeks, but should be able to share some details, as well as the tools I used to discover these bugs after that.