CVE-2017-8291
Description
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
92.862
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2017-8291 are fixed in GPL Ghostscript 9.23 (X64) | Windows |
| Vulnerabilities CVE-2017-8291 are affected in GPL Ghostscript 9.23 (X86) | Windows |
| Multiple Vulnerabilities are affected in Ghostscript 9.21 | Windows |
| PostScript and PDF interpreter (USN-3272-2) libgs9_9.10~dfsg-0ubuntu10.9_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) libgs9_9.19~dfsg+1-0ubuntu6.6_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) libgs9_9.19~dfsg+1-0ubuntu6.6_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript_9.10~dfsg-0ubuntu10.9_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript_9.19~dfsg+1-0ubuntu6.6_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript_9.19~dfsg+1-0ubuntu6.6_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript-x_9.10~dfsg-0ubuntu10.9_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript-x_9.19~dfsg+1-0ubuntu6.6_i386.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) ghostscript-x_9.19~dfsg+1-0ubuntu6.6_amd64.deb | Linux |
| PostScript and PDF interpreter (USN-3272-2) libgs9-common_9.19~dfsg+1-0ubuntu6.6_all.deb | Linux |
| Ghostscript 9.10 dfsg-0ubuntu10.9 for Ubuntu 14.04 LTS ghostscript_9.10~dfsg-0ubuntu10.9_i386.deb | Linux |
| Ghostscript 9.18 dfsg 0-0ubuntu2.6 for Ubuntu 16.04 LTS ghostscript_9.18~dfsg~0-0ubuntu2.6_i386.deb | Linux |
| Ghostscript 9.19 dfsg 1-0ubuntu6.6 for Ubuntu 16.10 (x64) ghostscript_9.19~dfsg+1-0ubuntu6.6_amd64.deb | Linux |
| Ghostscript 9.19 dfsg 1-0ubuntu6.6 for Ubuntu 16.10 ghostscript_9.19~dfsg+1-0ubuntu6.6_i386.deb | Linux |
| Ghostscript 9.19 dfsg 1-0ubuntu7.4 for Ubuntu 17.04 ghostscript_9.19~dfsg+1-0ubuntu7.4_i386.deb | Linux |
| ghostscript security update(DSA-3838-1) ghostscript_9.06~dfsg-2+deb8u5_i386.deb | Linux |
| ghostscript security update(DSA-3838-1) ghostscript_9.06~dfsg-2+deb8u5_amd64.deb | Linux |
| ghostscript security update(DSA-3838-1) ghostscript_9.06~dfsg-2+deb8u5_kfreebsd-i386.deb | Linux |
| ghostscript security update(DSA-3838-1) ghostscript_9.06~dfsg-2+deb8u5_kfreebsd-amd64.deb | Linux |
| Ghostscript 9.06~dfsg-2+deb8u5 for Debian GNU/Linux 8 (jessie) (x64) ghostscript_9.06~dfsg-2+deb8u5_amd64.deb | Linux |
| (RHSA-2017:1230) Important: ghostscript security update ghostscript-8.70-23.el6_9.2.i686.rpm | Linux |
| (RHSA-2017:1230) Important: ghostscript security update ghostscript-8.70-23.el6_9.2.x86_64.rpm | Linux |
| (RHSA-2017:1230) Important: ghostscript security update ghostscript-devel-8.70-23.el6_9.2.i686.rpm | Linux |
| (RHSA-2017:1230) Important: ghostscript security update ghostscript-devel-8.70-23.el6_9.2.x86_64.rpm | Linux |
| (RHSA-2017:1230) Important: ghostscript security update ghostscript-doc-8.70-23.el6_9.2.i686.rpm | Linux |
| (RHSA-2017:1230) Important: ghostscript security update ghostscript-doc-8.70-23.el6_9.2.x86_64.rpm | Linux |
| (RHSA-2017:1230) Important: ghostscript security update ghostscript-gtk-8.70-23.el6_9.2.i686.rpm | Linux |
| (RHSA-2017:1230) Important: ghostscript security update ghostscript-gtk-8.70-23.el6_9.2.x86_64.rpm | Linux |
| Ghostscript update (ELSA-2018-3760) ghostscript-8.70-24.el6_10.2.x86_64.rpm | Linux |
| Ghostscript-devel update (ELSA-2018-3760) ghostscript-devel-8.70-24.el6_10.2.x86_64.rpm | Linux |
| Ghostscript-doc update (ELSA-2018-3760) ghostscript-doc-8.70-24.el6_10.2.x86_64.rpm | Linux |
| Ghostscript-gtk update (ELSA-2018-3760) ghostscript-gtk-8.70-24.el6_10.2.x86_64.rpm | Linux |
| Ghostscript update (ELSA-2018-3760) ghostscript-8.70-24.el6_10.2.i686.rpm | Linux |
| Ghostscript-devel update (ELSA-2018-3760) ghostscript-devel-8.70-24.el6_10.2.i686.rpm | Linux |
| Ghostscript-doc update (ELSA-2018-3760) ghostscript-doc-8.70-24.el6_10.2.i686.rpm | Linux |
| Ghostscript-gtk update (ELSA-2018-3760) ghostscript-gtk-8.70-24.el6_10.2.i686.rpm | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-307977 | GPL Ghostscript 9.23 (X64) |
| PATCH-307979 | GPL Ghostscript 9.23 (X86) |