Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-8291  

It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code via a "/OutputFile (%pipe%" substring in the context of the ghostscript process, bypassing the -dSAFER protection.

Source
Severity High

Remote Yes

Type Arbitrary command execution

Description 

It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code  via a "/OutputFile (%pipe%" substring in the context of the ghostscript process, bypassing the -dSAFER protection.

AVG-256 ghostscript 9.21-1 9.21-2 High Fixed

07 May 2017 ASA-201705-3 AVG-256 ghostscript High arbitrary command execution 

https://bugs.ghostscript.com/show_bug.cgi?id=697808

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started