New public ghostscript vulnerability.
|Reported by:||Owned by:|
Today debian announced they have patched ghostscript for CVE-2021-3781. a new 0-day which has been exploited for some time, and public for a few days. In particular, it can be exploited via ImageMagick's convert program if that can be used to convert uploaded files to a different format.
Upstream bug report now public at https://bugs.ghostscript.com/show_bug.cgi?id=704342 - this applies to all versions from 9.50 onwards.