CVE-2017-8291

HIGH KEV LAB

Ghostscript Type Confusion Arbitrary Command Execution

Title source: metasploit

Description

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · linux
https://www.exploit-db.com/exploits/41955
nomisec WORKING POC
by DaniilOrchikov · poc
https://github.com/DaniilOrchikov/PIL-CVE-2017-8291
nomisec WORKING POC
by hkcfs · remote
https://github.com/hkcfs/PIL-CVE-2017-8291
nomisec WORKING POC
by shun1403 · remote
https://github.com/shun1403/PIL-CVE-2017-8291-study
nomisec WORKING POC
by shun1403 · remote
https://github.com/shun1403/CVE-2017-8291
metasploit WORKING POC EXCELLENT
by Atlassian Security Team, hdm · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb

Scores

CVSS v3 7.8
EPSS 0.9287
EPSS Percentile 99.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY
Community Lab
docker pull vulhub/ghostscript:9.21-with-flask

Details

CISA KEV 2022-05-24
VulnCheck KEV 2017-04-27
InTheWild.io 2017-04-27
ENISA EUVD EUVD-2017-17253
CWE CWE-843
Status published
Products (20)
artifex/ghostscript < 9.21
debian/debian_linux 8.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_eus 7.3
redhat/enterprise_linux_eus 7.4
redhat/enterprise_linux_eus 7.5
redhat/enterprise_linux_eus 7.6
redhat/enterprise_linux_eus 7.7
redhat/enterprise_linux_server 6.0
... and 10 more
Published Apr 27, 2017
KEV Added May 24, 2022
Tracked Since Feb 18, 2026