Zero-day vulnerability in Ghostscript

Type confusion

Vulnerability details

Advisory: SB2017042603 - Remote command injection in Ghostscript

Vulnerable component: Ghostscript

CVE-ID: CVE-2017-8291

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-704 - Incorrect Type Conversion or Cast (Type Conversion)


The vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on a targeted system.

The weakness exists due to type confusion error when processing user-supplied parameters passed to the .rsdparams and .eqproc functions in ghostscript. A remote attacker can submit a specially crafted .eps document, execute code in the context of the ghostscript process and bypass -dSAFER protection.

Successful exploitation of the vulnerability may result in system compromise.

Note: this vulnerability is being exploited in the wild.

Public Exploits: