I think CVE-2024-29510 (Ghostscript vuln) may apply to Mastodon, as Mastodon sends images to ImageMagick, which can call Ghostscript. But I might be wrong.
@GossiTheDog
Does Ghostscript get used for any filetypes that Mastodon accepts?
My mind links Ghostscript and PDFs.