oss-sec mailing list archives

CVE-2017-8291 ghostscript remote code execution

From: Marcus Meissner <meissner () suse de>
Date: Thu, 27 Apr 2017 17:46:51 +0200

Hi,

Canonical has reported CVE-2017-8291 to ghostscript, a ghostscript code execution with -dSAFER to the ghostscript team.

With PS/EPS being processed also from the network with -dSAFER, this would count
for remote code execution.

The ghostscript bug is https://bugs.ghostscript.com/show_bug.cgi?id=697808
and had some more comments but was made private a bit after I last accessed it.

I captured the first comment at least in our bug.
https://bugzilla.suse.com/show_bug.cgi?id=1036453

The problem is I think around a type confusion in the rsdparams command.

Ciao, Marcus

Current thread:

CVE-2017-8291 ghostscript remote code execution Marcus Meissner (Apr 27)
- <Possible follow-ups>
- Re: CVE-2017-8291 ghostscript remote code execution security (Apr 27)
  - Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier (Apr 28)
    - Re: CVE-2017-8291 ghostscript remote code execution David Black (Apr 28)
    - Re: CVE-2017-8291 ghostscript remote code execution redrain root (Apr 28)
    - Re: CVE-2017-8291 ghostscript remote code execution Tavis Ormandy (Apr 28)
    - Re: CVE-2017-8291 ghostscript remote code execution redrain root (Apr 29)
  - Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier (Apr 28)