CVE-2017-8291 log

Source
Severity High
Remote Yes
Type Arbitrary command execution
Description
It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code  via a "/OutputFile (%pipe%" substring in the context of the ghostscript process, bypassing the -dSAFER protection.
Group Package Affected Fixed Severity Status Ticket
AVG-256 ghostscript 9.21-1 9.21-2 High Fixed
Date Advisory Group Package Severity Description
07 May 2017 ASA-201705-3 AVG-256 ghostscript High arbitrary command execution
References
https://bugs.ghostscript.com/show_bug.cgi?id=697808