{ "schema_version": "1.4.0", "id": "GHSA-rh88-cwv2-gjxm", "modified": "2024-07-02T21:32:00Z", "published": "2022-05-14T03:53:46Z", "aliases": [ "CVE-2017-8291" ], "details": "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8291" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:1230" }, { "type": "WEB", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697808" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063" }, { "type": "WEB", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1036453" }, { "type": "WEB", "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d" }, { "type": "WEB", "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201708-06" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/41955" }, { "type": "WEB", "url": "http://openwall.com/lists/oss-security/2017/04/28/2" }, { "type": "WEB", "url": "http://www.debian.org/security/2017/dsa-3838" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/98476" } ], "database_specific": { "cwe_ids": [ "CWE-704", "CWE-843" ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-04-27T01:59:00Z" } }