Vulnerabilities

CVE-2017-8291

by Fred · 26/04/2017

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

Date published : 2017-04-26

http://www.securityfocus.com/bid/98476

https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d

Similar

Tags: Cybersecurity Alert