Anthropic Claude Opus 4.6 Uncovers Critical Vulnerabilities in Ghostscript, OpenSC, and CGIF: Comprehensive Analysis and Patching Guide
- Rescana
- 1 day ago

Executive Summary
The recent autonomous discovery of over 500 high-severity vulnerabilities by Claude Opus 4.6, a cutting-edge large language model developed by Anthropic, marks a watershed moment in cybersecurity. These vulnerabilities, found across major open-source libraries such as Ghostscript, OpenSC, and CGIF, have the potential to impact a vast array of enterprise, cloud, and critical infrastructure systems worldwide. The vulnerabilities include memory corruption, buffer overflows, and logic errors, many of which could be exploited for remote code execution, denial of service, or sensitive data leakage. This advisory provides a comprehensive technical analysis, exploitation context, and actionable recommendations, leveraging only publicly available, scraped data.
Technical Information
Claude Opus 4.6 was deployed in a virtualized environment with access to standard developer tools, including debuggers, fuzzers, coreutils, and Python. The model operated autonomously, without specialized prompts or custom harnesses, and focused on identifying memory corruption vulnerabilities due to their high impact and ease of validation. All findings were subsequently human-validated to eliminate hallucinations and false positives.
The vulnerabilities discovered span a wide range of open-source projects, but the most notable and impactful findings are in Ghostscript, OpenSC, and CGIF.
In Ghostscript, a missing bounds check in the Type 1 charstrings font handling code was identified. [DISPUTED - NVD states: CVE-2024-29510 is a format string injection in the uniprint device, not a Type 1 charstrings issue. The fix is in 10.03.1, not 10.03.0.] By analyzing the Git commit history, Claude Opus 4.6 detected a commit that introduced stack bounds checking, inferring that previous versions were vulnerable. The model then crafted a PostScript file that triggered a crash in unpatched versions, demonstrating the exploitability of the flaw. This vulnerability was rapidly patched by the maintainers.
OpenSC was found to contain a buffer overflow vulnerability due to the unsafe use of the strcat() function on a fixed-size buffer. [VERIFIED - NVD] Claude Opus 4.6 systematically searched for unsafe function calls and identified concatenation operations lacking proper length checks. The model reasoned that a crafted input could overflow the buffer, potentially leading to remote code execution or denial of service. This issue was also patched following responsible disclosure.
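The systematic search for unbounded string writes described above can be approximated with a small heuristic scanner. This is an added example, not Anthropic's tooling and not OpenSC code; the C sample, the regexes and the function name are constructed for illustration, and the array-size lookup is file-wide rather than scope-aware.

```python
import re

# Constructed C source for illustration only; it is NOT OpenSC code.
SAMPLE_C = r'''
#include <string.h>
void build_path(const char *dir, const char *name) {
    char path[64];
    char tmp[16];
    strcpy(path, dir);               /* unbounded copy into path[64] */
    strcat(path, "/");
    strcat(path, name);              /* name length never checked */
    snprintf(tmp, sizeof tmp, "%s", name);   /* bounded: not flagged */
}
void log_msg(char *out, const char *msg) {
    strcat(out, msg);                /* destination size unknown here */
}
'''

# Calls that write to their first argument with no length limit.
UNBOUNDED = ("strcat", "strcpy", "sprintf")
DECL_RE = re.compile(r'\bchar\s+(\w+)\s*\[\s*(\d+)\s*\]')
CALL_RE = re.compile(r'\b(%s)\s*\(\s*(\w+)\s*,' % "|".join(UNBOUNDED))

def find_unbounded_writes(source):
    """Return (line_no, function, dest, size) for each unbounded write.

    size is the declared length when the destination is a fixed-size char
    array declared earlier in the file, else None (size not known here).
    """
    sizes = {}      # array name -> declared length
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        # Drop /* ... */ comments so text inside them is never matched.
        code = re.sub(r'/\*.*?\*/', '', line)
        for name, length in DECL_RE.findall(code):
            sizes[name] = int(length)
        for func, dest in CALL_RE.findall(code):
            findings.append((line_no, func, dest, sizes.get(dest)))
    return findings

if __name__ == "__main__":
    for line_no, func, dest, size in find_unbounded_writes(SAMPLE_C):
        where = f"{dest}[{size}]" if size is not None else f"{dest} (size unknown)"
        print(f"line {line_no}: {func}() writes to {where} with no length check")
```

Each finding is a lead for manual review, not a confirmed overflow: the reviewer still has to establish whether the source length is bounded before the call.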
In CGIF, a heap buffer overflow was discovered in the LZW decompression logic. [VERIFIED - Multiple Sources] By reasoning about the GIF/LZW algorithm, Claude Opus 4.6 identified that certain sequences could cause compressed data to exceed the allocated buffer size. The model demonstrated that specially crafted GIF files could trigger this overflow, bypassing traditional fuzzers. The vulnerability was fixed in CGIF v0.5.1.
The technical sophistication of these findings underscores the growing capability of AI-driven vulnerability research. Claude Opus 4.6 not only identified vulnerabilities but also reasoned about their exploitability, crafted proof-of-concept files, and provided actionable intelligence for remediation.
Exploitation in the Wild
As of the latest public disclosures, there are no confirmed reports of active exploitation of these vulnerabilities in the wild. [DISPUTED - Multiple sources (SecPod, SecurityWeek, SecurityBoulevard) confirm CVE-2024-29510 (Ghostscript) is actively exploited in the wild.] Anthropic and the maintainers of the affected libraries have coordinated responsible disclosure and released patches prior to public announcement. However, given the foundational role of these libraries in numerous software stacks, exploitation attempts are anticipated to increase following the public release of technical details and patches. Organizations should remain vigilant and monitor for signs of exploitation, particularly in environments where patching may be delayed.
APT Groups using this vulnerability
There is currently no public evidence attributing exploitation of these vulnerabilities to any known Advanced Persistent Threat (APT) groups. [VERIFIED - MITRE] No threat intelligence feeds, MITRE ATT&CK mappings, or vendor advisories have linked these specific flaws to active campaigns or threat actors. Nevertheless, the critical nature of the vulnerabilities and the ubiquity of the affected libraries make them attractive targets for both opportunistic attackers and sophisticated APT groups. The MITRE ATT&CK techniques most relevant to these vulnerabilities include T1204: User Execution, T1190: Exploit Public-Facing Application, T1068: Exploitation for Privilege Escalation, and T1499: Endpoint Denial of Service. [VERIFIED - MITRE]
Affected Product Versions
The vulnerabilities impact the following product versions:
Ghostscript is affected in all versions prior to 10.03.0. [DISPUTED - NVD states: CVE-2024-29510 affects all versions prior to 10.03.1.] This includes widely deployed versions in enterprise Linux distributions and application stacks. The vulnerability is a missing stack bounds check in Type 1 charstrings font handling, leading to potential memory corruption and stack buffer overflow. [DISPUTED - NVD states: The vulnerability is a format string injection in the uniprint device.] The issue is resolved in version 10.03.0 and later. [DISPUTED - NVD states: Fixed in 10.03.1.]
OpenSC is vulnerable in all versions prior to 0.25.0. [VERIFIED - NVD] The buffer overflow arises from unsafe use of strcat() on a fixed-size buffer. Notable vulnerable package versions include 0.24.x and earlier (Ubuntu 24.04 LTS, 24.10), 0.22.x and earlier (Ubuntu 22.04 LTS), 0.20.x and earlier (Ubuntu 20.04 LTS), 0.17.x and earlier (Ubuntu 18.04 LTS), and 0.15.x and earlier (Ubuntu 16.04 LTS). The issue is fixed in version 0.25.0 and later.
CGIF is affected in all versions prior to 0.5.1. [VERIFIED - Multiple Sources] The heap buffer overflow in LZW decompression logic is resolved in version 0.5.1 and later.
These vulnerabilities are confirmed by multiple advisories and release notes, including those from Anthropic, Codean Labs, SecPod, Vicarius, and the CGIF project. [VERIFIED - Multiple Sources]
Workaround and Mitigation
Immediate patching is the most effective mitigation strategy. Organizations should upgrade Ghostscript to version 10.03.0 or later, OpenSC to version 0.25.0 or later, and CGIF to version 0.5.1 or later. [DISPUTED - NVD states: Ghostscript fix is in 10.03.1, not 10.03.0.] Where immediate patching is not feasible, organizations should restrict the processing of untrusted files, monitor application logs for unexplained crashes or abnormal behavior, and consider isolating vulnerable components from critical systems.
Additional mitigations include monitoring vendor advisories and Anthropic’s disclosures for further vulnerabilities and patches, and integrating AI-driven code review tools into the software development lifecycle to proactively identify similar vulnerabilities. Reviewing application logs for segmentation faults, crashes, or memory errors when processing untrusted PostScript, PDF, smart card, or GIF files can help detect potential exploitation attempts.
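One way to do the log review described above, as an added example that is not from the advisory or any vendor: it parses Linux kernel `segfault at` lines, keeps crashes in Ghostscript, OpenSC or CGIF code, and reduces each faulting address to an offset inside the library so repeated hits on the same site stand out despite ASLR. The log lines, host names, the `thumbnailer` process and the watched library-name prefixes are constructed assumptions.

```python
import re
from collections import Counter

# Constructed kernel log lines in the Linux "segfault at" format; not real incidents.
SAMPLE_LOG = """\
Jan 10 09:14:02 web01 kernel: gs[4121]: segfault at 7ffd1c3ff000 ip 00007f2a1b4c1d33 sp 00007ffd1c3fe9c0 error 6 in libgs.so.10[7f2a1b200000+a00000]
Jan 10 09:14:05 web01 kernel: nginx[901]: segfault at 0 ip 000055d0c0a11234 sp 00007ffc22aa0010 error 4 in nginx[55d0c0a00000+200000]
Jan 10 09:15:40 web01 kernel: gs[4130]: segfault at 7ffd9a1ff000 ip 00007f81aa4c1d33 sp 00007ffd9a1fe9c0 error 6 in libgs.so.10[7f81aa200000+a00000]
Jan 10 11:02:17 kiosk7 kernel: pkcs11-tool[2210]: segfault at 10 ip 00007f00aa001a10 sp 00007ffe10aa0000 error 4 in libopensc.so.11[7f00aa000000+9000]
Jan 10 11:30:00 web01 kernel: thumbnailer[5555]: segfault at 8 ip 00007f3300002b40 sp 00007ffe20bb0000 error 4 in libcgif.so.0[7f3300000000+4000]
"""

SEGV_RE = re.compile(
    r"(?P<host>\S+) kernel: (?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: segfault at "
    r"[0-9a-f]+ ip (?P<ip>[0-9a-f]+) .*? in (?P<module>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+"
)
# Assumed names: match on the faulting library so any program that loads
# it is covered, plus the Ghostscript binary itself.
WATCHED_MODULES = ("libgs", "libopensc", "libcgif")
WATCHED_PROCS = ("gs",)

def triage(log_text):
    """Return one dict per segfault in a watched process or library."""
    hits = []
    for line in log_text.splitlines():
        m = SEGV_RE.search(line)
        if not m:
            continue
        if m["proc"] in WATCHED_PROCS or m["module"].startswith(WATCHED_MODULES):
            # ip minus the module base is the same on every run, even with ASLR.
            offset = int(m["ip"], 16) - int(m["base"], 16)
            hits.append({"host": m["host"], "proc": m["proc"], "pid": int(m["pid"]),
                         "module": m["module"], "offset": hex(offset)})
    return hits

def repeated_sites(hits, threshold=2):
    """Crash sites (module, offset) seen at least `threshold` times."""
    counts = Counter((h["module"], h["offset"]) for h in hits)
    return {site: n for site, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("repeated crash sites:", repeated_sites(hits))
```

A crash site that repeats across different PIDs, as the two `gs` lines do here, is worth correlating with the files those processes were handling at the time.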
References
The following sources provide further technical details and context:
- The Hacker News: Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
- Anthropic Red Team Blog: Evaluating and mitigating the growing risk of LLM-discovered 0-days
- Reddit: Claude Opus 4.6 Uncovers Over 500 Major Security Flaws
- OpenSourceForU: Open Source Security Gets AI Boost As Claude Detects 500+ Critical Issues
- CGIF Release Notes
- Codean Labs
- SecPod
- Vicarius
- OpenSC Security Advisories
- Ubuntu Security Notice USN-7346-1