ID CVE-2017-8291
Summary Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Vulnerable Configurations
  • Artifex Ghostscript 9.21
    cpe:2.3:a:artifex:ghostscript:9.21
CVSS
Base: 6.8 (as of 09-05-2017 - 10:49)
CWE CWE-704
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability PARTIAL
exploit-db via4
description Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit). CVE-2017-8291. Local exploit for Linux platform. Tags: Metasploit Framework, Local
file exploits/linux/local/41955.rb
id EDB-ID:41955
last seen 2017-05-02
modified 2017-05-02
platform linux
published 2017-05-02
reporter Exploit-DB
source https://www.exploit-db.com/download/41955/
title Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit)
type local
metasploit via4
description This module exploits a type confusion vulnerability in Ghostscript that can be exploited to obtain arbitrary command execution. This vulnerability affects Ghostscript versions 9.21 and earlier and can be exploited through libraries such as ImageMagick and Pillow. For more recent Ghostscript vectors, please see the following modules: exploit/multi/fileformat/ghostscript_failed_restore
id MSF:EXPLOIT/UNIX/FILEFORMAT/GHOSTSCRIPT_TYPE_CONFUSION
last seen 2019-03-18
modified 2018-09-18
published 2017-04-28
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb
title Ghostscript Type Confusion Arbitrary Command Execution
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3272-1.NASL
    description It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217) Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219) Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 99726
    published 2017-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99726
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ghostscript vulnerabilities (USN-3272-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3272-2.NASL
    description USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience. It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217) Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219) Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 100247
    published 2017-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100247
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ghostscript regression (USN-3272-2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-FAE1506F94.NASL
    description Security fixes release for these CVEs : - [CVE-2016-10217](https://access.redhat.com/security/cve/CVE-2016-10217) *(use-after-free and application crash)* - [CVE-2016-10218](https://access.redhat.com/security/cve/CVE-2016-10218) *(NULL pointer dereference and application crash)* - [CVE-2016-10219](https://access.redhat.com/security/cve/CVE-2016-10219) *(divide-by-zero error and application crash)* - [CVE-2016-10220](https://access.redhat.com/security/cve/CVE-2016-10220) *(NULL pointer dereference and application crash)* - [CVE-2017-5951](https://access.redhat.com/security/cve/CVE-2017-5951) *(NULL pointer dereference and application crash)* - [CVE-2017-7975](https://access.redhat.com/security/cve/CVE-2017-7975) *(application crash or possible execution of arbitrary code)* - [CVE-2017-8291](https://access.redhat.com/security/cve/CVE-2017-8291) *(-dSAFER bypass and remote command execution)* Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 100201
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100201
    title Fedora 24 : ghostscript (2017-fae1506f94)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201708-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201708-06 (GPL Ghostscript: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for additional information. Impact : A context-dependent attacker could entice a user to open a specially crafted PostScript file or PDF document using GPL Ghostscript possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-10-01
    plugin id 102618
    published 2017-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102618
    title GLSA-201708-06 : GPL Ghostscript: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3838.NASL
    description Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 99741
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99741
    title Debian DSA-3838-1 : ghostscript - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-558.NASL
    description This update for ghostscript fixes the following security vulnerabilities : CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128) CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120) CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114) CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-10-01
    plugin id 100041
    published 2017-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100041
    title openSUSE Security Update : ghostscript (openSUSE-2017-558)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1101.NASL
    description According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 100694
    published 2017-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100694
    title EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2017-1101)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1153-1.NASL
    description This update for ghostscript fixes the following security vulnerability : - CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 99979
    published 2017-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99979
    title SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2017:1153-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-A606D224A5.NASL
    description Security fixes release for these CVEs : - [CVE-2016-10217](https://access.redhat.com/security/cve/CVE-2016-10217) *(use-after-free and application crash)* - [CVE-2016-10218](https://access.redhat.com/security/cve/CVE-2016-10218) *(NULL pointer dereference and application crash)* - [CVE-2016-10219](https://access.redhat.com/security/cve/CVE-2016-10219) *(divide-by-zero error and application crash)* - [CVE-2016-10220](https://access.redhat.com/security/cve/CVE-2016-10220) *(NULL pointer dereference and application crash)* - [CVE-2017-5951](https://access.redhat.com/security/cve/CVE-2017-5951) *(NULL pointer dereference and application crash)* - [CVE-2017-7975](https://access.redhat.com/security/cve/CVE-2017-7975) *(application crash or possible execution of arbitrary code)* - [CVE-2017-8291](https://access.redhat.com/security/cve/CVE-2017-8291) *(-dSAFER bypass and remote command execution)* Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 101695
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101695
    title Fedora 26 : ghostscript (2017-a606d224a5)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1138-1.NASL
    description This update for ghostscript fixes the following security vulnerabilities : - CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) - CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128) - CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120) - CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114) - CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 99761
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99761
    title SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2017:1138-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1322-1.NASL
    description This update for ghostscript fixes the following security vulnerability : - CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) This update is a reissue including the SUSE Linux Enterprise 11 SP3 product. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100264
    published 2017-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100264
    title SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2017:1322-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1230.NASL
    description An update for ghostscript is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100172
    published 2017-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100172
    title RHEL 6 / 7 : ghostscript (RHSA-2017:1230)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1404-1.NASL
    description This update for ghostscript fixes the following security vulnerabilities : - CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) - CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128) - CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120) - CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114) - CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263) This is a reissue of the previous update to also include SUSE Linux Enterprise 12 GA LTSS packages. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100410
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100410
    title SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2017:1404-1)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-1230.NASL
    description An update for ghostscript is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 101465
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101465
    title Virtuozzo 6 : ghostscript / ghostscript-devel / ghostscript-doc / etc (VZLSA-2017-1230)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1230.NASL
    description From Red Hat Security Advisory 2017:1230 : An update for ghostscript is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291)
    last seen 2019-02-21
    modified 2018-10-01
    plugin id 100171
    published 2017-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100171
    title Oracle Linux 6 / 7 : ghostscript (ELSA-2017-1230)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0285.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - It was found that the fix for CVE-2018-16509 was not complete, the missing pieces added into ghostscript-CVE-2018-16509.patch - Resolves: #1641124 - CVE-2018-16509 ghostscript: /invalidaccess bypass after failed restore - Added security fix for CVE-2017-8291 (bug #1446063)
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119484
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119484
    title OracleVM 3.3 / 3.4 : ghostscript (OVMSA-2018-0285)
  • NASL family Windows
    NASL id GHOSTSCRIPT_9_21.NASL
    description The version of Artifex Ghostscript installed on the remote Windows host is 9.21 or earlier. It is, therefore, affected by a type confusion error when handling the '.rsdparams' operator with a '/OutputFile (%pipe%' substring. An unauthenticated, remote attacker can exploit this, via a specially crafted EPS file, to bypass the -dSAFER sandbox and execute arbitrary commands.
    last seen 2019-02-21
    modified 2018-10-01
    plugin id 100356
    published 2017-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100356
    title Artifex Ghostscript .rsdparams Operator Handling Type Confusion RCE
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-932.NASL
    description A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed. For Debian 7 'Wheezy', these problems have been fixed in version 9.05~dfsg-6.3+deb7u6. We recommend that you upgrade your ghostscript packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-01
    plugin id 99998
    published 2017-05-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99998
    title Debian DLA-932-1 : ghostscript security update
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0103.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Security fix for CVE-2017-8291 updated to address SIGSEGV - Added security fix for CVE-2017-8291 (bug #1446063) - Fix for regression caused by previous CVE fixes (bug #1410260)
    last seen 2019-02-21
    modified 2018-10-01
    plugin id 100205
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100205
    title OracleVM 3.3 / 3.4 : ghostscript (OVMSA-2017-0103)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-837.NASL
    description It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291)
    last seen 2019-02-21
    modified 2018-10-01
    plugin id 100638
    published 2017-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100638
    title Amazon Linux AMI : ghostscript (ALAS-2017-837)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1230.NASL
    description An update for ghostscript is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100175
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100175
    title CentOS 6 / 7 : ghostscript (CESA-2017:1230)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-C85C0E5637.NASL
    description Security fixes release for these CVEs : - [CVE-2016-10217](https://access.redhat.com/security/cve/CVE-2016-10217) *(use-after-free and application crash)* - [CVE-2016-10218](https://access.redhat.com/security/cve/CVE-2016-10218) *(NULL pointer dereference and application crash)* - [CVE-2016-10219](https://access.redhat.com/security/cve/CVE-2016-10219) *(divide-by-zero error and application crash)* - [CVE-2016-10220](https://access.redhat.com/security/cve/CVE-2016-10220) *(NULL pointer dereference and application crash)* - [CVE-2017-5951](https://access.redhat.com/security/cve/CVE-2017-5951) *(NULL pointer dereference and application crash)* - [CVE-2017-7975](https://access.redhat.com/security/cve/CVE-2017-7975) *(application crash or possible execution of arbitrary code)* - [CVE-2017-8291](https://access.redhat.com/security/cve/CVE-2017-8291) *(-dSAFER bypass and remote command execution)* Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 100013
    published 2017-05-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100013
    title Fedora 25 : ghostscript (2017-c85c0e5637)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170512_GHOSTSCRIPT_ON_SL6_X.NASL
    description Security Fix(es) : - It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 100173
    published 2017-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100173
    title Scientific Linux Security Update : ghostscript on SL6.x, SL7.x i386/x86_64
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1100.NASL
    description According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 100693
    published 2017-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100693
    title EulerOS 2.0 SP1 : ghostscript (EulerOS-SA-2017-1100)
packetstorm via4
data source https://packetstormsecurity.com/files/download/142363/ghostscript_type_confusion.rb.txt
id PACKETSTORM:142363
last seen 2017-05-02
published 2017-05-01
reporter H D Moore
source https://packetstormsecurity.com/files/142363/Ghostscript-9.21-Type-Confusion-Arbitrary-Command-Execution.html
title Ghostscript 9.21 Type Confusion Arbitrary Command Execution
redhat via4
advisories
bugzilla
id 1446063
title CVE-2017-8291 ghostscript: corruption of operand stack
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment ghostscript is earlier than 0:9.07-20.el7_3.5
          oval oval:com.redhat.rhsa:tst:20171230011
        • comment ghostscript is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095013
      • AND
        • comment ghostscript-cups is earlier than 0:9.07-20.el7_3.5
          oval oval:com.redhat.rhsa:tst:20171230009
        • comment ghostscript-cups is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20170013010
      • AND
        • comment ghostscript-devel is earlier than 0:9.07-20.el7_3.5
          oval oval:com.redhat.rhsa:tst:20171230007
        • comment ghostscript-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095017
      • AND
        • comment ghostscript-doc is earlier than 0:9.07-20.el7_3.5
          oval oval:com.redhat.rhsa:tst:20171230013
        • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095019
      • AND
        • comment ghostscript-gtk is earlier than 0:9.07-20.el7_3.5
          oval oval:com.redhat.rhsa:tst:20171230005
        • comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095015
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment ghostscript is earlier than 0:8.70-23.el6_9.2
          oval oval:com.redhat.rhsa:tst:20171230019
        • comment ghostscript is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095013
      • AND
        • comment ghostscript-devel is earlier than 0:8.70-23.el6_9.2
          oval oval:com.redhat.rhsa:tst:20171230020
        • comment ghostscript-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095017
      • AND
        • comment ghostscript-doc is earlier than 0:8.70-23.el6_9.2
          oval oval:com.redhat.rhsa:tst:20171230022
        • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095019
      • AND
        • comment ghostscript-gtk is earlier than 0:8.70-23.el6_9.2
          oval oval:com.redhat.rhsa:tst:20171230021
        • comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095015
rhsa
id RHSA-2017:1230
released 2017-05-12
severity Important
title RHSA-2017:1230: ghostscript security update (Important)
rpms
  • ghostscript-0:9.07-20.el7_3.5
  • ghostscript-cups-0:9.07-20.el7_3.5
  • ghostscript-devel-0:9.07-20.el7_3.5
  • ghostscript-doc-0:9.07-20.el7_3.5
  • ghostscript-gtk-0:9.07-20.el7_3.5
  • ghostscript-0:8.70-23.el6_9.2
  • ghostscript-devel-0:8.70-23.el6_9.2
  • ghostscript-doc-0:8.70-23.el6_9.2
  • ghostscript-gtk-0:8.70-23.el6_9.2
refmap via4
bid 98476
confirm https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
debian DSA-3838
exploit-db 41955
gentoo GLSA-201708-06
the hacker news via4
id THN:6EE883925125E982A6EC7C360E183C43
last seen 2018-08-22
modified 2018-08-22
published 2018-08-22
reporter The Hacker News
source https://thehackernews.com/2018/08/ghostscript-postscript-vulnerability.html
title Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking
Last major update 09-05-2017 - 20:31
Published 26-04-2017 - 21:59
Last modified 04-01-2018 - 21:31