CVE-2017-8291 - Vulnerability Details

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since May 24, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Artifex	Ghostscript
Debian	Debian Linux
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Tus Enterprise Linux Workstation

Configuration 1 [-]

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
ghostscript-0:8.70-23.el6_9.2	cpe:/o:redhat:enterprise_linux:6	RHSA-2017:1230	2017-05-12T00:00:00Z
Red Hat Enterprise Linux 7
ghostscript-0:9.07-20.el7_3.5	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:1230	2017-05-12T00:00:00Z

References

Link	Providers
http://openwall.com/lists/oss-security/2017/04/28/2
http://www.debian.org/security/2017/dsa-3838
http://www.securityfocus.com/bid/98476
https://access.redhat.com/errata/RHSA-2017:1230
https://bugs.ghostscript.com/show_bug.cgi?id=697808
https://bugzilla.redhat.com/show_bug.cgi?id=1446063
https://bugzilla.suse.com/show_bug.cgi?id=1036453
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d
https://nvd.nist.gov/vuln/detail/CVE-2017-8291
https://security.gentoo.org/glsa/201708-06
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2017-8291
https://www.exploit-db.com/exploits/41955/

History

Tue, 04 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-05-24'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 00:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-04-27T01:41:00.000Z

Updated: 2025-02-04T20:44:54.709Z

Reserved: 2017-04-26T00:00:00.000Z

Link: CVE-2017-8291

Vulnrichment

Updated: 2024-08-05T16:34:21.679Z

NVD

Status : Deferred

Published: 2017-04-27T01:59:02.057

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-8291

Redhat

Severity : Important

Publid Date: 2017-04-26T00:00:00Z

Links: CVE-2017-8291 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-26T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3838", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3838"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1036453"}, {"name": "RHSA-2017:1230", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1230"}, {"name": "98476", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98476"}, {"name": "41955", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41955/"}, {"tags": ["x_refsource_MISC"], "url": "http://openwall.com/lists/oss-security/2017/04/28/2"}, {"name": "GLSA-201708-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201708-06"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697808"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8291", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3838", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3838"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1036453", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1036453"}, {"name": "RHSA-2017:1230", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1230"}, {"name": "98476", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98476"}, {"name": "41955", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41955/"}, {"name": "http://openwall.com/lists/oss-security/2017/04/28/2", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2017/04/28/2"}, {"name": "GLSA-201708-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-06"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063"}, {"name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d", "refsource": "CONFIRM", "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d"}, {"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697808", "refsource": "MISC", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697808"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:34:21.679Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3838", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3838"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1036453"}, {"name": "RHSA-2017:1230", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1230"}, {"name": "98476", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98476"}, {"name": "41955", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/41955/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2017/04/28/2"}, {"name": "GLSA-201708-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201708-06"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697808"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-843", "lang": "en", "description": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-04T20:44:47.104385Z", "id": "CVE-2017-8291", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-05-24", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-8291"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T20:44:54.709Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8291", "datePublished": "2017-04-27T01:41:00.000Z", "dateReserved": "2017-04-26T00:00:00.000Z", "dateUpdated": "2025-02-04T20:44:54.709Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.debian.org/security/2017/dsa-3838", "name": "DSA-3838", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1036453", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1230", "name": "RHSA-2017:1230", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/98476", "name": "98476", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/41955/", "name": "41955", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://openwall.com/lists/oss-security/2017/04/28/2", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201708-06", "name": "GLSA-201708-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697808", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:34:21.679Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2017-8291", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T20:44:47.104385Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-05-24", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-8291"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-843", "description": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T20:44:36.177Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-26T00:00:00.000Z", "references": [{"url": "http://www.debian.org/security/2017/dsa-3838", "name": "DSA-3838", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1036453", "tags": ["x_refsource_MISC"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:1230", "name": "RHSA-2017:1230", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.securityfocus.com/bid/98476", "name": "98476", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://www.exploit-db.com/exploits/41955/", "name": "41955", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://openwall.com/lists/oss-security/2017/04/28/2", "tags": ["x_refsource_MISC"]}, {"url": "https://security.gentoo.org/glsa/201708-06", "name": "GLSA-201708-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063", "tags": ["x_refsource_MISC"]}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697808", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2018-01-04T19:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.debian.org/security/2017/dsa-3838", "name": "DSA-3838", "refsource": "DEBIAN"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1036453", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1036453", "refsource": "MISC"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1230", "name": "RHSA-2017:1230", "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/98476", "name": "98476", "refsource": "BID"}, {"url": "https://www.exploit-db.com/exploits/41955/", "name": "41955", "refsource": "EXPLOIT-DB"}, {"url": "http://openwall.com/lists/oss-security/2017/04/28/2", "name": "http://openwall.com/lists/oss-security/2017/04/28/2", "refsource": "MISC"}, {"url": "https://security.gentoo.org/glsa/201708-06", "name": "GLSA-201708-06", "refsource": "GENTOO"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063", "refsource": "MISC"}, {"url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d", "name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d", "refsource": "CONFIRM"}, {"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697808", "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697808", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-8291", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2017-8291", "state": "PUBLISHED", "dateUpdated": "2025-02-04T20:44:54.709Z", "dateReserved": "2017-04-26T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2017-04-27T01:41:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-06-14", "cisaExploitAdd": "2022-05-24", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Artifex Ghostscript Type Confusion Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", "matchCriteriaId": "88CC361C-4956-4459-80D6-6ABD1E29CD31", "versionEndExcluding": "9.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017."}, {"lang": "es", "value": "Artifex Ghostscript permite sobrepasar -dSAFER y la ejecuci\u00f3n de comandos remotos a trav\u00e9s de una vulnerabilidad de type confusion en .rsdparams con una subcadena \"/ OutputFile (% pipe%\" en un documento .eps que se utilice como entrada al gs."}], "id": "CVE-2017-8291", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2017-04-27T01:59:02.057", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/04/28/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3838"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98476"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1230"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697808"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1036453"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201708-06"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41955/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/04/28/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3838"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98476"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1230"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697808"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1036453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201708-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41955/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-843"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2017:1230", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "ghostscript-0:8.70-23.el6_9.2", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-05-12T00:00:00Z"}, {"advisory": "RHSA-2017:1230", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ghostscript-0:9.07-20.el7_3.5", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-05-12T00:00:00Z"}], "bugzilla": {"description": "ghostscript: corruption of operand stack", "id": "1446063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-77", "details": ["Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.", "It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection."], "name": "CVE-2017-8291", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Under investigation", "package_name": "ghostscript", "product_name": "Red Hat OpenShift Enterprise 2"}], "public_date": "2017-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-8291\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8291\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object