Hacker News new | ask | show | jobs
by nieve 715 days ago
It allows full RCE from an uploaded or opened file. That seems reasonably critical to me.
2 comments
worthless-trash 709 days ago
Thats.. in bad faith.

If thats the qualification for "remote" then you can say that every attack is remote and it clearly isnt.

link
out_of_protocol 715 days ago
Does this work with .pdf files? i.e. attacker uploads evil.pdf
link
llimllib 714 days ago
yes, also with .eps files
link