oss-sec mailing list archives

Re: CVE-2017-8291 ghostscript remote code execution


From: Tavis Ormandy <taviso () google com>
Date: Fri, 28 Apr 2017 22:36:16 -0700

On Fri, Apr 28, 2017 at 7:43 PM, redrain root <rootredrain () gmail com> wrote:

> what a awkward??
> I have discovered a part of my vulns about ghostscript last year and
> exploited in fulldisclosure early!
> and these vulns are part of mine I was going to discovered these in defcon
> or other conference...WTF...
> u guys are logo designer???
>
> there are two demos last year
> Evince Arbitrary Code Execution https://youtu.be/wzcrHXngfcM
> Attack Imagick through Ghostscript https://youtu.be/tPGm_ANDyOw


I don't think so, that is CVE-2016-7976 and is entirely unrelated to
the issue being discussed, other than superficial similarity of the
exploit.

That issue was reported by me, and we discussed the ImageMagick and
evince attack vectors at the time, you can check the archives if
you're interested.

http://seclists.org/oss-sec/2016/q4/29

This issue (CVE-2017-8291) is a type confusion vulnerability (well,
technically two vulnerabilities), and was found in the wild.

Tavis.

