CVE-2017-8291
Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
Vulnerability Description
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Affected Platforms (CPE)
📦
Artifex
Ghostscript
< 9.21💻
Debian
Debian Linux
= 8.0💻
Redhat
Enterprise Linux Desktop
= 6.0💻
Redhat
Enterprise Linux Desktop
= 7.0💻
Redhat
Enterprise Linux Eus
= 7.3💻
Redhat
Enterprise Linux Eus
= 7.4💻
Redhat
Enterprise Linux Eus
= 7.5💻
Redhat
Enterprise Linux Eus
= 7.6💻
Redhat
Enterprise Linux Eus
= 7.7💻
Redhat
Enterprise Linux Server
= 6.0💻
Redhat
Enterprise Linux Server
= 7.0💻
Redhat
Enterprise Linux Server Aus
= 7.3💻
Redhat
Enterprise Linux Server Aus
= 7.4💻
Redhat
Enterprise Linux Server Aus
= 7.6💻
Redhat
Enterprise Linux Server Aus
= 7.7💻
Redhat
Enterprise Linux Server Tus
= 7.3💻
Redhat
Enterprise Linux Server Tus
= 7.6💻
Redhat
Enterprise Linux Server Tus
= 7.7💻
Redhat
Enterprise Linux Workstation
= 6.0💻
Redhat