CVE-2017-8291 log

Severity High
Remote Yes
Type Arbitrary command execution
It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code  via a "/OutputFile (%pipe%" substring in the context of the ghostscript process, bypassing the -dSAFER protection.
Group Package Affected Fixed Severity Status Ticket
AVG-256 ghostscript 9.21-1 9.21-2 High Fixed
Date Advisory Group Package Severity Type
07 May 2017 ASA-201705-3 AVG-256 ghostscript High arbitrary command execution