Vulnerability feed

Vulnerability

CVE-2017-8291

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2017-8291
Description:: Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Last updated date:: 07/02/2024

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 04/27/2017
Reference url to background: https://bugs.ghostscript.com/show_bug.cgi?id=697799

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 01/05/2018
Reference url to background: https://nvd.nist.gov/vuln/detail/CVE-2017-8291

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 05/24/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/05/2018
Reference url to background: https://bugzilla.suse.com/show_bug.cgi?id=1036453

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/26/2020
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/02/2020
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/02/2024
Reference url to background: https://www.exploit-db.com/exploits/41955/

Vulnerability Feed Contributors About Blog

@inTheWild

©2024 |