CVE-2017-8291
Field | Value |
---|---|
CVE Published | 2017-04-27 |
Related CWE(s) | CWE-843: Access of Resource Using Incompatible Type ('Type Confusion'), CWE-704: Incorrect Type Conversion or Cast |
Related Vendor(s) | artifex, redhat, debian |
Related Product(s) | ghostscript, enterprise_linux_server_aus, enterprise_linux_workstation, enterprise_linux_eus, enterprise_linux_server, debian_linux, enterprise_linux_server_tus, enterprise_linux_desktop |
Exploitation Reported (CISA KEV) | 2022-05-24 |
CVSS 3 Base Score | 7.8 (HIGH) |
CVSS 3 Attack Complexity | LOW |
CVSS 3 Attack Vector | LOCAL |
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.