| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.2 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Artifex Ghostscript up to 2017-04-26. Affected is an unknown function of the component dSAFER. This manipulation causes type conversion. This vulnerability is tracked as CVE-2017-8291. The attack is possible to be carried out remotely. Moreover, an exploit is present. You should upgrade the affected component.
Details
A vulnerability was found in Artifex Ghostscript up to 2017-04-26 (Document Processing Software). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component dSAFER. The manipulation with an unknown input leads to a type conversion vulnerability. The CWE definition for the vulnerability is CWE-704. The product does not correctly convert an object, resource, or structure from one type to a different type. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
The bug was discovered 04/26/2017. The weakness was disclosed 04/27/2017 (oss-sec). It is possible to read the advisory at openwall.com. This vulnerability is known as CVE-2017-8291 since 04/26/2017. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Technical details are unknown but a public exploit is available.
After 5 days, there has been an exploit disclosed. It is possible to download the exploit at exploit-db.com. It is declared as attacked. The vulnerability scanner Nessus provides a plugin with the ID 99726 (Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ghostscript vulnerabilities (USN-3272-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Ubuntu Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 390162 (Oracle VM Server for x86 Security Update for ghostscript (OVMSA-2018-0285)). The CISA Known Exploited Vulnerabilities Catalog lists this issue since 05/24/2022 with a due date of 06/14/2022:
Apply updates per vendor instructions.Upgrading eliminates this vulnerability. A possible mitigation has been published 1 days after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Exploit-DB (41955), Zero-Day.cz (460), Tenable (99726) and SecurityFocus (BID 98476†). The entry VDB-99231 is pretty similar. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://artifex.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.2
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CNA Base Score: 7.8
CNA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Type conversionCWE: CWE-704
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Access: Public
Status: Attacked
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
KEV Notice: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 99726
Nessus Name: Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ghostscript vulnerabilities (USN-3272-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 703838
OpenVAS Name: Debian Security Advisory DSA 3838-1 (ghostscript - security update)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Zero-Day.cz: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Patch: 04b37bbce174eed24edec7ad5b920eb93db4d47d
Timeline
04/26/2017 🔍04/26/2017 🔍
04/26/2017 🔍
04/26/2017 🔍
04/27/2017 🔍
04/27/2017 🔍
04/28/2017 🔍
04/28/2017 🔍
05/02/2017 🔍
05/02/2017 🔍
02/05/2025 🔍
Sources
Vendor: artifex.comAdvisory: USN-3272-1
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2017-8291 (🔍)
GCVE (CVE): GCVE-0-2017-8291
GCVE (VulDB): GCVE-100-100627
OVAL: 🔍
SecurityFocus: 98476 - Ghostscript CVE-2017-8291 Multiple Remote Code Execution Vulnerabilities
OSVDB: - CVE-2017-8291 - Artifex - Ghostscript - Type Confusion Issue
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 04/27/2017 16:50Updated: 02/05/2025 01:01
Changes: 04/27/2017 16:50 (89), 12/02/2022 11:21 (6), 12/02/2022 11:30 (1), 04/26/2024 12:45 (22), 07/03/2024 01:07 (1), 07/06/2024 04:54 (2), 09/09/2024 22:30 (1), 02/05/2025 01:01 (11)
Complete: 🔍
Cache ID: 216:9CF:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.