ID CVE-2017-8291
Summary Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:
CWE CWE-704
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1446063
title CVE-2017-8291 ghostscript: corruption of operand stack
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment ghostscript is earlier than 0:9.07-20.el7_3.5
          oval oval:com.redhat.rhsa:tst:20171230011
        • comment ghostscript is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095013
      • AND
        • comment ghostscript-cups is earlier than 0:9.07-20.el7_3.5
          oval oval:com.redhat.rhsa:tst:20171230009
        • comment ghostscript-cups is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20170013010
      • AND
        • comment ghostscript-devel is earlier than 0:9.07-20.el7_3.5
          oval oval:com.redhat.rhsa:tst:20171230007
        • comment ghostscript-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095017
      • AND
        • comment ghostscript-doc is earlier than 0:9.07-20.el7_3.5
          oval oval:com.redhat.rhsa:tst:20171230013
        • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095019
      • AND
        • comment ghostscript-gtk is earlier than 0:9.07-20.el7_3.5
          oval oval:com.redhat.rhsa:tst:20171230005
        • comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095015
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment ghostscript is earlier than 0:8.70-23.el6_9.2
          oval oval:com.redhat.rhsa:tst:20171230019
        • comment ghostscript is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095013
      • AND
        • comment ghostscript-devel is earlier than 0:8.70-23.el6_9.2
          oval oval:com.redhat.rhsa:tst:20171230020
        • comment ghostscript-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095017
      • AND
        • comment ghostscript-doc is earlier than 0:8.70-23.el6_9.2
          oval oval:com.redhat.rhsa:tst:20171230022
        • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095019
      • AND
        • comment ghostscript-gtk is earlier than 0:8.70-23.el6_9.2
          oval oval:com.redhat.rhsa:tst:20171230021
        • comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095015
rhsa
id RHSA-2017:1230
released 2017-05-12
severity Important
title RHSA-2017:1230: ghostscript security update (Important)
rpms
  • ghostscript-0:9.07-20.el7_3.5
  • ghostscript-cups-0:9.07-20.el7_3.5
  • ghostscript-devel-0:9.07-20.el7_3.5
  • ghostscript-doc-0:9.07-20.el7_3.5
  • ghostscript-gtk-0:9.07-20.el7_3.5
  • ghostscript-0:8.70-23.el6_9.2
  • ghostscript-devel-0:8.70-23.el6_9.2
  • ghostscript-doc-0:8.70-23.el6_9.2
  • ghostscript-gtk-0:8.70-23.el6_9.2
refmap via4
bid 98476
confirm https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
debian DSA-3838
exploit-db 41955
gentoo GLSA-201708-06
misc
Last major update 05-01-2018 - 02:31
Published 27-04-2017 - 01:59
Back to Top