CVE-2017-8291
HIGH KEV
Ghostscript Type Confusion Arbitrary Command Execution
Title source: metasploit
Description
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Exploits (6)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · local · linux
https://www.exploit-db.com/exploits/41955
metasploit
WORKING POC
EXCELLENT
by Atlassian Security Team, hdm · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb
References (11)
Scores
CVSS v3
7.8
EPSS
0.9268
EPSS Percentile
99.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitation Intel
CISA KEV
2022-05-24
VulnCheck KEV
2017-04-27
InTheWild.io
2017-04-27
ENISA EUVD
EUVD-2017-17253
Classification
CWE
CWE-843
Status
draft
Affected Products (20)
artifex/ghostscript
< 9.21
debian/debian_linux
redhat/enterprise_linux_desktop
redhat/enterprise_linux_desktop
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_server
redhat/enterprise_linux_server
redhat/enterprise_linux_server_aus
redhat/enterprise_linux_server_aus
redhat/enterprise_linux_server_aus
redhat/enterprise_linux_server_aus
... and 5 more
Timeline
Published
Apr 27, 2017
KEV Added
May 24, 2022
Tracked Since
Feb 18, 2026