Ghostscript sandbox escape enabling RCE via malicious EPS/PDF files. Widely exploited through image processing pipelines (ImageMagick, LibreOffice, email attachments). Update Ghostscript and disable Ghostscript in your document processing pipeline if possible.
Artifex Ghostscript through 2017-04-26 allows -dSAFER sandbox bypass via a crafted .eps file with a format string in a /OutputFile redirect, exploiting the osprintf function.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →