oss-sec mailing list archives
CVE-2017-8291 ghostscript remote code execution
From: Marcus Meissner <meissner () suse de>
Date: Thu, 27 Apr 2017 17:46:51 +0200
Hi, Canonical has reported CVE-2017-8291 to ghostscript, a ghostscript code execution with -dSAFER to the ghostscript team. With PS/EPS being processed also from the network with -dSAFER, this would count for remote code execution. The ghostscript bug is https://bugs.ghostscript.com/show_bug.cgi?id=697808 and had some more comments but was made private a bit after I last accessed it. I captured the first comment at least in our bug. https://bugzilla.suse.com/show_bug.cgi?id=1036453 The problem is I think around a type confusion in the rsdparams command. Ciao, Marcus
Current thread:
- CVE-2017-8291 ghostscript remote code execution Marcus Meissner (Apr 27)
- <Possible follow-ups>
- Re: CVE-2017-8291 ghostscript remote code execution security (Apr 27)
- Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier (Apr 28)
- Re: CVE-2017-8291 ghostscript remote code execution David Black (Apr 28)
- Re: CVE-2017-8291 ghostscript remote code execution redrain root (Apr 28)
- Re: CVE-2017-8291 ghostscript remote code execution Tavis Ormandy (Apr 28)
- Re: CVE-2017-8291 ghostscript remote code execution redrain root (Apr 29)
- Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier (Apr 28)