CVE-2017-8291

Published: 27/04/2017 | Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 687
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

Vulnerable Product

artifex ghostscript

Vendor Advisories

Synopsis: Important: ghostscript security update. Type/Severity: Security Advisory: Important. Topic: An update for ghostscript is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerab ...
USN-3272-1 introduced a regression in Ghostscript ...
Several security issues were fixed in Ghostscript ...
It was found that ghostscript did not properly validate the parameters passed to the rsdparams and eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection (CVE-2017-8291) ...
Debian Bug report logs - #859694 ghostscript: CVE-2016-10220 Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 6 Apr 2017 06:03:01 UTC Severity: important Tags: patch, security, upstrea ...
Debian Bug report logs - #859696 ghostscript: CVE-2017-5951 Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 6 Apr 2017 06:12:02 UTC Severity: important Tags: patch, security, upstream ...
Debian Bug report logs - #861295 ghostscript: CVE-2017-8291: shell injection Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 27 Apr 2017 05:06:01 UTC Severity: grave Tags: fixed-upstre ...
Debian Bug report logs - #859666 ghostscript: CVE-2016-10219 Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 5 Apr 2017 18:51:02 UTC Severity: important Tags: patch, security, upstrea ...
Debian Bug report logs - #859662 ghostscript: CVE-2016-10217 Package: src:ghostscript; Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 5 Apr 2017 17:27:02 UTC Severity: important Tags: patch, security, upstrea ...
It was found that ghostscript did not properly validate the parameters passed to the rsdparams and eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection ...
It was found that ghostscript did not properly validate the parameters passed to the rsdparams and eqproc functions. During its execution, a specially crafted PostScript document could execute code via a "/OutputFile (%pipe%" substring in the context of the ghostscript process, bypassing the -dSAFER protection ...

Exploits

## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT def initialize(info = {}) super(update_info(info, 'Name' => 'Ghostscript Type Con ...
This Metasploit module exploits a type confusion vulnerability in Ghostscript that can be exploited to obtain arbitrary command execution. This vulnerability affects Ghostscript versions 9.21 and earlier and can be exploited through libraries such as ImageMagick and Pillow ...

Github Repositories

Change UploadScanner extension a bit to suit some of the target

UploadScanner Burp extension. A Burp Suite Pro extension to do security tests for HTTP file uploads.

HTTP file upload scanner for Burp Proxy

UploadScanner Burp extension. A Burp Suite Pro extension to do security tests for HTTP file uploads.

PoC + Docker Environment for Python PIL/Pillow Remote Shell Command Execution via Ghostscript CVE-2018-16509

Python PIL/Pillow Remote Shell Command Execution via Ghostscript CVE-2018-16509. Inspired by github.com/ysrc/PIL-RCE-By-GhostButt (PIL/Pillow RCE via CVE-2017-8291). This docker environment version is using the newer version of Ghostscript (v9.23) and newer exploit (CVE-2018-16509). Ghostscript is a suite of software based on an interpreter for Adobe Systems PostScript a

Exploiting Python PIL Module Command Execution Vulnerability

RCE issues in image-processing logic. Attacks Python applications developed with PIL and achieves remote command execution. This project holds the paper and the source code and Dockerfile used in the experiments. Paper: github.com/neargle/PIL-RCE-By-GhostButt/blob/master/Exploiting-Python-PIL-Module-Command-Execution-Vulnerability.md Vulhub: github.com/vulhub/vulhub/tree/master/python/PIL-CVE-2

Python library for ReversingLabs services - Python 3 version.

ReversingLabsSDK: A Python SDK for ReversingLabs REST services (TitaniumCloud and appliances) - Python 3 version. The idea behind this SDK is to enable easier out-of-the-box development of software integrations and automation services that need to interact with ReversingLabs. The SDK consists of several modules, where each module represents either one ReversingLabs service, Reve