Launchpad CVE tracker

CVE 2017-8291

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

Related bugs and status

CVE-2017-8291 (Candidate) is related to these bugs:

Bug #1687614: broken ghostscript with 9.18~dfsg~0-0ubuntu2.3 to 9.18~dfsg~0-0ubuntu2.4 update

Summary				In	Importance	Status
	1687614	broken ghostscript with 9.18~dfsg~0-0ubuntu2.3 to 9.18~dfsg~0-0ubuntu2.4 update		ghostscript (Ubuntu)	Critical	Fix Released
	1687614	broken ghostscript with 9.18~dfsg~0-0ubuntu2.3 to 9.18~dfsg~0-0ubuntu2.4 update		GS-GPL	Unknown	Unknown

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.ghostscri...
MISC: http://openwall.com/li...
MISC: https://bugzilla.redha...
MISC: https://bugzilla.suse....
CONFIRM: https://git.ghostscrip...
BID: 98476
EXPLOIT-DB: 41955
GENTOO: GLSA-201708-06
DEBIAN: DSA-3838
REDHAT: RHSA-2017:1230

Launchpad.net

CVE 2017-8291

Related bugs and status

Related bugs

References