CVE-2017-8291

Name
CVE-2017-8291
Description
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
NVD Severity
unknown

References

Type                    URI
Mailing List            http://openwall.com/lists/oss-security/2017/04/28/2
Mailing List            http://www.debian.org/security/2017/dsa-3838
Broken Link             http://www.securityfocus.com/bid/98476
Third Party Advisory    https://access.redhat.com/errata/RHSA-2017:1230
Issue Tracking          https://bugs.ghostscript.com/show_bug.cgi?id=697808
Issue Tracking          https://bugzilla.redhat.com/show_bug.cgi?id=1446063
Exploit                 https://bugzilla.suse.com/show_bug.cgi?id=1036453
Broken Link             https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d
Third Party Advisory    https://security.gentoo.org/glsa/201708-06
Exploit                 https://www.exploit-db.com/exploits/41955/

Match rules

CPE URI                                          Source package    Min version    Max version
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*    ghostscript       >= None        < 9.21

Vulnerable and fixed packages

Source package    Branch    Version    Maintainer    Status