Posts in:

Ghostscript

Exploiting CVE-2018-19134: Ghostscript RCE through type confusion

This post describes how I used variant analysis to develop an exploit for Ghostscript CVE-2018-19134, a type confusion vulnerability that allows arbitrary shell command execution.

February 05, 2019

Ghostscript type confusion: Using variant analysis to find vulnerabilities

This post describes how to perform variant analysis with QL to catch missing type checking in Ghostscript, leading to the discovery of 3 new type confusion vulnerabilities (CVE-2018-19134, CVE-2018-19476, CVE-2018-19477)

January 22, 2019

CVE-2018-19475: Ghostscript shell command execution in SAFER mode

This post describes how I carried out variant analysis on a vulnerability found by Google Project Zeromember Tavis Ormandy and ended up with a new one.

January 14, 2019

Browse all tags