Remote Code Execution vulnerability – Artifex Ghostscript (CVE-2024-29510). Memory corruption allows to bypass the SAFER sandbox and execute arbitrary code.
Ghostscript is a PostScript and PDF document interpreter. It is used in ImageMagick, LibreOffice, GIMP, Inkscape, Scribus, CUPS, etc. It is available for many OS.
Ghostscript version 10.03.1, which fixes the vulnerability, was released on May 2. On July 2, Codean Labs published a detailed analysis of this vulnerability and PoC. In the video they launch the calculator by opening a special ps file with the ghostscript utility or a special odt file in LibreOffice. On July 10, a functional exploit was released on GitHub. And on July 19, a module for Metasploit was released.
The media writes that the vulnerability is being exploited in the wild. However, it’s based on a single microblog post by some Portland developer. 
I think more reliable evidence of exploitation in attacks will appear soon.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.