CVE-2017-8291
KEV
🔴 Patch now
A type confusion bug in Artifex Ghostscript allows remote code execution via a -dSAFER bypass.
CVSS
7.8
EPSS
92.9%
Exploit
weaponized
Vendor
redhat
Source description (NVD)
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 7.8 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (exploit probability) | 92.9% |
| Published (NVD) | 2017-04-27 01:59:02 UTC |
| Last modified (NVD) | 2026-04-21 18:02:58 UTC |
References
- http://openwall.com/lists/oss-security/2017/04/28/2 (cve@mitre.org) [Mailing List, Patch, Third Party Advisory]
- http://www.debian.org/security/2017/dsa-3838 (cve@mitre.org) [Mailing List, Third Party Advisory]
- http://www.securityfocus.com/bid/98476 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
- https://access.redhat.com/errata/RHSA-2017:1230 (cve@mitre.org) [Third Party Advisory]
- https://bugs.ghostscript.com/show_bug.cgi?id=697808 (cve@mitre.org) [Issue Tracking, Third Party Advisory, VDB Entry]
- https://bugzilla.redhat.com/show_bug.cgi?id=1446063 (cve@mitre.org) [Issue Tracking, Patch, Third Party Advisory, VDB Entry]
- https://bugzilla.suse.com/show_bug.cgi?id=1036453 (cve@mitre.org) [Exploit, Issue Tracking, Third Party Advisory, VDB Entry]
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d (cve@mitre.org) [Broken Link]
- https://security.gentoo.org/glsa/201708-06 (cve@mitre.org) [Third Party Advisory]
- https://www.exploit-db.com/exploits/41955/ (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8291 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]