Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
References
Link | Resource |
---|---|
http://openwall.com/lists/oss-security/2017/04/28/2 | Mailing List Patch Third Party Advisory |
http://www.debian.org/security/2017/dsa-3838 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/98476 | Broken Link Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:1230 | Third Party Advisory |
https://bugs.ghostscript.com/show_bug.cgi?id=697808 | Issue Tracking Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=1446063 | Issue Tracking Patch Third Party Advisory VDB Entry |
https://bugzilla.suse.com/show_bug.cgi?id=1036453 | Exploit Issue Tracking Third Party Advisory VDB Entry |
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d | Broken Link |
https://security.gentoo.org/glsa/201708-06 | Third Party Advisory |
https://www.exploit-db.com/exploits/41955/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
02 Jul 2024, 13:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.debian.org/security/2017/dsa-3838 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/98476 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://access.redhat.com/errata/RHSA-2017:1230 - Third Party Advisory | |
References | () https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d - Broken Link | |
References | () https://security.gentoo.org/glsa/201708-06 - Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/41955/ - Exploit, Third Party Advisory, VDB Entry | |
First Time |
Redhat enterprise Linux Workstation
Debian Redhat Redhat enterprise Linux Eus Redhat enterprise Linux Desktop Redhat enterprise Linux Server Tus Debian debian Linux Redhat enterprise Linux Server Redhat enterprise Linux Server Aus |
|
CPE | cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* |
|
CWE | CWE-843 |
07 Nov 2023, 02:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-04-27 01:59
Updated : 2024-07-02 13:01
NVD link : CVE-2017-8291
Mitre link : CVE-2017-8291
CVE.ORG link : CVE-2017-8291
JSON object : View
Products Affected
artifex
- ghostscript
redhat
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_eus
- enterprise_linux_server_tus
- enterprise_linux_workstation
debian
- debian_linux
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')