Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a “/OutputFile (%pipe%” substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

References

openwall.com/lists/oss-security/2017/04/28/2

www.debian.org/security/2017/dsa-3838

www.securityfocus.com/bid/98476

access.redhat.com/errata/RHSA-2017:1230

bugs.ghostscript.com/show_bug.cgi?id=697808

bugzilla.redhat.com/show_bug.cgi?id=1446063

bugzilla.suse.com/show_bug.cgi?id=1036453

git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d

security.gentoo.org/glsa/201708-06

www.exploit-db.com/exploits/41955/

redhat 1

oraclelinux 3

archlinux 1

cisa_kev 1

nessus 27

openvas 18

suse 5

redhatcve 1

ubuntucve 1

zdt 1

checkpoint_advisories 1

osv 3

veracode 1

nvd 1

cve 1

f5 1

seebug 1

thn 2

attackerkb 1

ibm 1

prion 1

packetstorm 1

centos 1

amazon 1

debian 3

hackerone 1

debiancve 1

alpinelinux 1

metasploit 1

exploitdb 1

rapid7community 1

gentoo 1

ubuntu 2

fedora 3

mageia 1

redhat

(RHSA-2017:1230) Important: ghostscript security update

2017-05-12 08:05:57

oraclelinux

ghostscript security update

2017-05-12 00:00:00

ghostscript security update

2018-12-03 00:00:00

ghostscript security and bug fix update

2017-08-07 00:00:00

archlinux

[ASA-201705-3] ghostscript: arbitrary command execution

2017-05-07 00:00:00

cisa_kev

Artifex Ghostscript Type Confusion Vulnerability

2022-05-24 00:00:00

nessus

Virtuozzo 6 : ghostscript / ghostscript-devel / ghostscript-doc / etc (VZLSA-2017-1230)

2017-07-13 00:00:00

SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2017:1322-1)

2017-05-18 00:00:00

SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2017:1153-1)

2017-05-04 00:00:00

openvas

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2017-1101)

2020-01-23 00:00:00

CentOS Update for ghostscript CESA-2017:1230 centos7

2017-05-16 00:00:00

SUSE: Security Advisory (SUSE-SU-2017:1322-1)

2021-06-09 00:00:00

suse

Security update for ghostscript-library (important)

2017-05-17 12:09:28

Security update for ghostscript-library (important)

2017-05-03 15:10:11

Security update for ghostscript (important)

2017-05-24 21:13:32

redhatcve

CVE-2017-8291

2017-04-27 08:19:47

ubuntucve

CVE-2017-8291

2017-04-26 00:00:00

zdt

Ghostscript 9.21 Type Confusion Arbitrary Command Execution Exploit

2017-05-02 00:00:00

checkpoint_advisories

Ghostscript Type Confusion Arbitrary Command Execution (CVE-2017-8291)

2017-05-08 00:00:00

osv

ghostscript - security update

2017-05-07 00:00:00

CVE-2017-8291

2017-04-27 01:59:02

ghostscript - security update

2017-04-28 00:00:00

veracode

Remote Code Execution (RCE)

2019-01-15 09:16:42

nvd

CVE-2017-8291

2017-04-27 01:59:02

cve

CVE-2017-8291

2017-04-27 01:59:02

K01362377 : Ghostscript vulnerability CVE-2017-8291

2017-05-08 00:00:00

seebug

Ghostscript remote code execution (CVE-2017-8291) (ghostbutt)

2017-04-29 00:00:00

thn

Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking

2018-08-22 08:27:00

North Korea's APT37 Targeting Southern Counterpart with New M2RAT Malware

2023-02-15 14:59:00

attackerkb

CVE-2017-8291

2017-04-27 00:00:00

ibm

Security Bulletin: A vulnerability in ghostscript affects PowerKVM

2018-06-18 01:36:14

prion

Type confusion

2017-04-27 01:59:00

packetstorm

Ghostscript 9.21 Type Confusion Arbitrary Command Execution

2017-05-01 00:00:00

centos

ghostscript security update

2017-05-15 15:59:50

amazon

Important: ghostscript

2017-06-06 16:51:00

debian

[SECURITY] [DLA 932-1] ghostscript security update

2017-05-07 05:57:50

[SECURITY] [DSA 3838-1] ghostscript security update

2017-04-28 11:51:39

[SECURITY] [DSA 3838-1] ghostscript security update

2017-04-28 11:51:39

hackerone

Basecamp: Remote code execution on Basecamp.com

2018-06-13 07:27:51

debiancve

CVE-2017-8291

2017-04-27 01:59:02

alpinelinux

CVE-2017-8291

2017-04-27 01:59:02

metasploit

Ghostscript Type Confusion Arbitrary Command Execution

2017-04-28 14:56:52

exploitdb

Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit)

2017-05-02 00:00:00

rapid7community

Metasploit Weekly Wrapup

2017-05-05 20:37:48

gentoo

GPL Ghostscript: Multiple vulnerabilities

2017-08-21 00:00:00

ubuntu

Ghostscript regression

2017-05-16 00:00:00

Ghostscript vulnerabilities

2017-04-28 00:00:00

fedora

[SECURITY] Fedora 26 Update: ghostscript-9.20-10.fc26

2017-05-08 14:25:23

[SECURITY] Fedora 25 Update: ghostscript-9.20-9.fc25

2017-05-07 00:03:32

[SECURITY] Fedora 24 Update: ghostscript-9.20-9.fc24

2017-05-15 04:28:05

mageia

Updated ghostscript packages fix security vulnerability

2017-05-08 01:16:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.9 High

AI Score

Confidence

High

0.49 Medium

EPSS

Percentile

97.5%

JSON

Related for CVELIST:CVE-2017-8291