by pryelluw 719 days ago
Friendly question given the fatigue around bs critical CVEs. Is this properly rated?
3 comments

It allows full RCE from an uploaded or opened file. That seems reasonably critical to me.
That's.. in bad faith.

If that's the qualification for "remote" then you can say that every attack is remote and it clearly isn't.

Does this work with .pdf files? i.e. attacker uploads evil.pdf
yes, also with .eps files
The article describes the vulnerability in some detail so you don't have to rely on the rating at all. In fact, you can completely ignore any mention of CVEs and lose nothing.
If I see a vulnerability in Ghostscript, I basically assume it is full RCE at this point..