Vulnerability Details : CVE-2017-8291
Public exploit exists!
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Products affected by CVE-2017-8291
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
CVE-2017-8291 is in the CISA Known Exploited Vulnerabilities Catalog
- CISA vulnerability name: Artifex Ghostscript Type Confusion Vulnerability
- CISA required action: Apply updates per vendor instructions.
- CISA description: Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-8291
- Added on: 2022-05-24
- Action due date: 2022-06-14
Exploit prediction scoring system (EPSS) score for CVE-2017-8291
- 92.68%: Probability of exploitation activity in the next 30 days
- ~ 100 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2017-8291
- Ghostscript Type Confusion Arbitrary Command Execution
  Disclosure Date: 2017-04-27
  First seen: 2020-04-26
  Module: exploit/unix/fileformat/ghostscript_type_confusion
  This module exploits a type confusion vulnerability in Ghostscript that can be exploited to obtain arbitrary command execution. This vulnerability affects Ghostscript versions 9.21 and earlier and can be exploited through libraries such as ImageMagick and Pillow.
CVSS scores for CVE-2017-8291
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-04 |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | 2024-07-02 |
CWE ids for CVE-2017-8291
- The product does not correctly convert an object, resource, or structure from one type to a different type.
  Assigned by: nvd@nist.gov (Primary)
- The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
  Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary), nvd@nist.gov (Primary)
References for CVE-2017-8291
- http://www.securityfocus.com/bid/98476
  Ghostscript CVE-2017-8291 Multiple Remote Code Execution Vulnerabilities
  Tags: Broken Link; Third Party Advisory; VDB Entry
- https://bugzilla.suse.com/show_bug.cgi?id=1036453
  Bug 1036453 – VUL-0: CVE-2017-8291: ghostscript,ghostscript-library: Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via a "/Ou...
  Tags: Exploit; Issue Tracking; Third Party Advisory; VDB Entry
- https://security.gentoo.org/glsa/201708-06
  GPL Ghostscript: Multiple vulnerabilities (GLSA 201708-06) — Gentoo security
  Tags: Third Party Advisory
- http://openwall.com/lists/oss-security/2017/04/28/2
  oss-security - Re: CVE-2017-8291 ghostscript remote code execution
  Tags: Mailing List; Patch; Third Party Advisory
- https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
  git.ghostscript.com Git - ghostpdl.git/commit
  Tags: Patch; Vendor Advisory
- https://access.redhat.com/errata/RHSA-2017:1230
  RHSA-2017:1230 - Security Advisory - Red Hat Customer Portal
  Tags: Third Party Advisory
- https://www.exploit-db.com/exploits/41955/
  Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit)
  Tags: Exploit; Third Party Advisory; VDB Entry
- https://bugs.ghostscript.com/show_bug.cgi?id=697808
  697808 – %pipe% security issue
  Tags: Issue Tracking; Third Party Advisory; VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1446063
  1446063 – (CVE-2017-8291) CVE-2017-8291 ghostscript: corruption of operand stack
  Tags: Issue Tracking; Patch; Third Party Advisory; VDB Entry
- http://www.debian.org/security/2017/dsa-3838
  Debian -- Security Information -- DSA-3838-1 ghostscript
  Tags: Mailing List; Third Party Advisory
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d
  git.ghostscript.com Git
  Tags: Broken Link