← Back

CVE-2017-8291

nvd nist
Published: Apr 27, 2017Modified: Apr 21, 2026CISA KEV

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

Affected (20)

Artifex
1 product
Ghostscript
Debian
1 product
Debian Linux
Redhat
6 products
Enterprise Linux Desktop
Enterprise Linux Eus
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Server Tus
Enterprise Linux Workstation
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ghostscript
Before 9.21
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 8.0
Configuration C
18 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux Desktop
Version 6.0
Enterprise Linux Desktop
Version 7.0
Redhat
Enterprise Linux Eus
Version 7.3
Enterprise Linux Eus
Version 7.4
Enterprise Linux Eus
Version 7.5
Enterprise Linux Eus
Version 7.6
Enterprise Linux Eus
Version 7.7
Redhat
Enterprise Linux Server
Version 6.0
Enterprise Linux Server
Version 7.0
Redhat
Enterprise Linux Server Aus
Version 7.3
Enterprise Linux Server Aus
Version 7.4
Enterprise Linux Server Aus
Version 7.6
Enterprise Linux Server Aus
Version 7.7
Redhat
Enterprise Linux Server Tus
Version 7.3
Enterprise Linux Server Tus
Version 7.6
Enterprise Linux Server Tus
Version 7.7
Redhat
Enterprise Linux Workstation
Version 6.0
Enterprise Linux Workstation
Version 7.0

Related CWEs

CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (21)

Source: cve@mitre.org
Mailing ListPatchThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Issue TrackingThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Issue TrackingPatchThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitIssue TrackingThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.