CVE Details

Release Date:2017-04-26


Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass andremote command execution via .rsdparams type confusion with a /OutputFile (%pipe% substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

See more information about CVE-2017-8291 from MITRE CVE dictionary and NIST NVD

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score:6.8 Base Metrics:AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Network Confidentiality Impact: Partial
Access Impact: Medium Integrity Impact: Partial
Authentication: None required Availability Impact: Partial

Errata information

PlatformErrataRelease Date
Oracle Linux version 6 (ghostscript)ELSA-2017-12302017-05-12
Oracle Linux version 7 (ghostscript)ELSA-2017-12302017-05-12
Oracle VM version 3.3 (ghostscript)OVMSA-2017-01032017-05-12
Oracle VM version 3.4 (ghostscript)OVMSA-2017-01032017-05-12

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team