Cyber Resilience

CVE-2017-8291

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 27 April 2017
Modified: 21 April 2026
KEV Added: 24 May 2022
Patch: 28 April 2017
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.9287 (99.8th percentile)
Risk Priority: 91 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2017-8291 is a high-severity Type Confusion (CWE-843) vulnerability in Artifex Ghostscript, as shipped in products including Red Hat Enterprise Linux EUS. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Artifex Ghostscript through 2017-04-26 is affected by a type confusion vulnerability (CWE-843) involving the .rsdparams parameter. When a crafted .eps file containing an "/OutputFile (%pipe%" substring is processed by the gs program, the flaw permits a bypass of the -dSAFER sandbox and enables arbitrary command execution.

An attacker can supply the malicious EPS document as input to Ghostscript, achieving remote command execution on the target system. The attack requires local access or user interaction to open the file and carries a CVSS 7.8 rating reflecting high impact on confidentiality, integrity, and availability.

The issue was exploited in the wild in April 2017. Security advisories and updates addressing the flaw were issued by distributions including Debian (DSA-3838) and Red Hat (RHSA-2017:1230), along with a Ghostscript bug tracker entry.

Vulnerability details

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

CWE(s)
KEV Date Added: 24 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Versions
artifex · ghostscript · ≤ 9.21
debian · debian linux · 8.0
redhat · enterprise linux desktop · 6.0, 7.0
redhat · enterprise linux eus · 7.3, 7.4, 7.5, 7.6, 7.7
redhat · enterprise linux server · 6.0, 7.0
redhat · enterprise linux server aus · 7.3, 7.4, 7.6, 7.7
redhat · enterprise linux server tus · 7.3, 7.6, 7.7
redhat · enterprise linux workstation · 6.0, 7.0

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires applying the Ghostscript patches that eliminate the .rsdparams type-confusion flaw and -dSAFER bypass.

prevent: Mandates validation of untrusted EPS input parameters, blocking the crafted /OutputFile (%pipe% string that triggers the type confusion.

prevent: Restricts Ghostscript execution or disables unsafe PostScript operators and file-output features that the exploit relies on.
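
As an added example (not code from this page or from Artifex), here is a pre-filter for the input-validation control above: it scans an EPS upload for the two indicators this page names, "/OutputFile (%pipe%" and ".rsdparams", before the file reaches gs. The function names and sample bytes are constructed for illustration, and unwrapping the DOS EPS binary header goes beyond what the page describes.

```python
import re
import struct

# Indicators named on this page: the %pipe% OutputFile device and the .rsdparams operator.
PIPE_OUTPUT = re.compile(rb"/OutputFile\s*\(\s*%pipe%")
RSDPARAMS = re.compile(rb"\.rsdparams\b")
DOS_EPS_MAGIC = b"\xc5\xd0\xd3\xc6"  # 30-byte binary header wrapping PostScript plus a preview


def postscript_section(data: bytes) -> bytes:
    """Return the PostScript part of an EPS file, unwrapping a DOS binary header if present."""
    if data[:4] == DOS_EPS_MAGIC:
        if len(data) < 12:
            raise ValueError("truncated DOS EPS header")
        offset, length = struct.unpack_from("<II", data, 4)  # little-endian offset, length
        if offset + length > len(data):
            raise ValueError("DOS EPS header points outside the file")
        return data[offset:offset + length]
    return data


def scan_eps(data: bytes) -> list[str]:
    """List the page's indicators found in one EPS document (empty list = none found)."""
    try:
        body = postscript_section(data)
    except ValueError as exc:
        return [f"malformed: {exc}"]  # reject rather than hand a broken container to gs
    findings = []
    if PIPE_OUTPUT.search(body):
        findings.append("OutputFile-pipe")
    if RSDPARAMS.search(body):
        findings.append("rsdparams")
    return findings


# Constructed sample inputs; they carry only the marker strings, not a working exploit.
BENIGN = b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\nnewpath 0 0 moveto showpage\n"
MARKED = b"%!PS-Adobe-3.0 EPSF-3.0\n<< /OutputFile  (%pipe%placeholder) >> .rsdparams\n"
WRAPPED = DOS_EPS_MAGIC + struct.pack("<II", 30, len(MARKED)) + bytes(18) + MARKED
BROKEN = DOS_EPS_MAGIC + struct.pack("<II", 30, 9999) + bytes(18)

if __name__ == "__main__":
    for name, blob in [("benign", BENIGN), ("marked", MARKED),
                       ("wrapped", WRAPPED), ("broken", BROKEN)]:
        print(name, scan_eps(blob) or "clean")
```

Literal matching is only a triage filter, since PostScript can assemble strings at run time; applying the Ghostscript patches remains the fix.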
