VIR Vulnerability Intelligence Relay

CVE-2017-8291

high KEV
Published 2022-05-24 · Modified 2022-05-24
CVSS v3
CVSS v2
VIR risk
9.5

Description

Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.

CISA KEV

Vendor
Artifex
Product
Ghostscript
Due date
2022-06-14

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2017-8291

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-8291

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2017-8291.html

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201705-3

Exploits

OS impact
OSVersionStatusFixed in
arch archfixed9.21-2
suse slesaffected
debian debianbookwormfixed9.20~dfsg-3.1
debian debianbullseyefixed9.20~dfsg-3.1
debian debianforkyfixed9.20~dfsg-3.1
debian debiansidfixed9.20~dfsg-3.1
debian debiantrixiefixed9.20~dfsg-3.1

References

Verify integrity in audit chain (admin only). AS-IS.