The Journey of Discovering the Ghostscript CVEs

July 10, 2019 | 5pm CET, 12pm EST, 9am PST

Ghostscript, the core utility for viewing PDF on many systems, was first developed in 1986 by Peter Deutsch (who now is a musical composer).

Join us in this virtual journey of how Tavis Ormandy from Google P0 first uncovered the RCEs on anyone opening a malicious PDF file in Ghostscript in 2018. We will also share how variant analysis enabled the rapid discovery of similar, critical issues in CVE-2018-19475, CVE-2018-19134, CVE-2018-19476 and CVE-2018-19477.

In this webinar, you will learn how to write your first query in QL, Semmle's object oriented query language to quickly discover variants of critical vulnerabilities in your code.