CVE-2017-8291: Artifex Ghostscript Type Confusion Vulnerability

First published: Thu Apr 27 2017(Updated: )

Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Artifex Ghostscript	<=9.21
Artifex Ghostscript	<9.21
Debian Debian Linux	=8.0
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=7.3
Redhat Enterprise Linux Eus	=7.4
Redhat Enterprise Linux Eus	=7.5
Redhat Enterprise Linux Eus	=7.6
Redhat Enterprise Linux Eus	=7.7
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.3
Redhat Enterprise Linux Server Aus	=7.4
Redhat Enterprise Linux Server Aus	=7.6
Redhat Enterprise Linux Server Aus	=7.7
Redhat Enterprise Linux Server Tus	=7.3
Redhat Enterprise Linux Server Tus	=7.6
Redhat Enterprise Linux Server Tus	=7.7
Redhat Enterprise Linux Workstation	=6.0
Redhat Enterprise Linux Workstation	=7.0
Artifex Ghostscript
	<9.21
	=8.0
	=6.0
	=7.0
	=7.3
	=7.4
	=7.5
	=7.6
	=7.7
	=6.0
	=7.0
	=7.3
	=7.4
	=7.6
	=7.7
	=7.3
	=7.6
	=7.7
	=6.0
	=7.0

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/type
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-8291
agent/title
agent/remedy
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/severity
agent/author
agent/weakness
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
exploited/true
collector/cisa-known-exploited
source/CISA
agent/references
agent/softwarecombine
agent/tags
agent/event
collector/nvd-cve
vendor/artifex
canonical/artifex ghostscript
version/artifex ghostscript/9.21
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.3
version/redhat enterprise linux eus/7.4
version/redhat enterprise linux eus/7.5
version/redhat enterprise linux eus/7.6
version/redhat enterprise linux eus/7.7
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.3
version/redhat enterprise linux server aus/7.4
version/redhat enterprise linux server aus/7.6
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.3
version/redhat enterprise linux server tus/7.6
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0

CVE-2017-8291: Artifex Ghostscript Type Confusion Vulnerability

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact