Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Metrics
Affected Vendors & Products
References
History
Wed, 14 Aug 2024 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-04-27T01:41:00
Updated: 2024-08-05T16:34:21.679Z
Reserved: 2017-04-26T00:00:00
Link: CVE-2017-8291
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-04-27T01:59:02.057
Modified: 2024-11-21T03:33:42.733
Link: CVE-2017-8291
Redhat