Overnight @taviso dropped a few vulnerabilities in GhostScript, including one that will cause code execution in ImageMagick.

Link to the bug report in Project Zero.

ImageMagick is not shy when it comes to the amount of vulnerabilities disclosed, with over 40 in 2018, and who can forget the marketing around ‘ImageTragick’?

The ImageMagick code execution caught my eye, mostly because it is widely used on web servers, it seemed fairly trivial to exploit, and seemed to show the most promise in turning to a remote code execution.