Search for vulnerabilities
Vulnerability details: VCID-x6bw-hc4u-63g4
Vulnerability ID VCID-x6bw-hc4u-63g4
Aliases CVE-2017-8291
Summary
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
System Score Found at
cvssv3.1 7.8 http://openwall.com/lists/oss-security/2017/04/28/2
ssvc Attend http://openwall.com/lists/oss-security/2017/04/28/2
cvssv3.1 7.8 https://access.redhat.com/errata/RHSA-2017:1230
ssvc Attend https://access.redhat.com/errata/RHSA-2017:1230
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8291.json
epss 0.92482 https://api.first.org/data/v1/epss?cve=CVE-2017-8291
epss 0.92482 https://api.first.org/data/v1/epss?cve=CVE-2017-8291
epss 0.92482 https://api.first.org/data/v1/epss?cve=CVE-2017-8291
epss 0.92482 https://api.first.org/data/v1/epss?cve=CVE-2017-8291
epss 0.92482 https://api.first.org/data/v1/epss?cve=CVE-2017-8291
epss 0.92482 https://api.first.org/data/v1/epss?cve=CVE-2017-8291
cvssv3.1 7.8 https://bugs.ghostscript.com/show_bug.cgi?id=697808
ssvc Attend https://bugs.ghostscript.com/show_bug.cgi?id=697808
cvssv3.1 7.8 https://bugzilla.redhat.com/show_bug.cgi?id=1446063
ssvc Attend https://bugzilla.redhat.com/show_bug.cgi?id=1446063
cvssv3.1 7.8 https://bugzilla.suse.com/show_bug.cgi?id=1036453
ssvc Attend https://bugzilla.suse.com/show_bug.cgi?id=1036453
cvssv2 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.8 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d
ssvc Attend https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d
archlinux High https://security.archlinux.org/AVG-256
cvssv3.1 7.8 https://security.gentoo.org/glsa/201708-06
ssvc Attend https://security.gentoo.org/glsa/201708-06
cvssv3.1 7.8 https://www.exploit-db.com/exploits/41955/
ssvc Attend https://www.exploit-db.com/exploits/41955/
cvssv3.1 7.8 http://www.debian.org/security/2017/dsa-3838
ssvc Attend http://www.debian.org/security/2017/dsa-3838
cvssv3.1 7.8 http://www.securityfocus.com/bid/98476
ssvc Attend http://www.securityfocus.com/bid/98476
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8291.json
https://api.first.org/data/v1/epss?cve=CVE-2017-8291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2 http://openwall.com/lists/oss-security/2017/04/28/2
201708-06 https://security.gentoo.org/glsa/201708-06
41955 https://www.exploit-db.com/exploits/41955/
861295 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861295
98476 http://www.securityfocus.com/bid/98476
ASA-201705-3 https://security.archlinux.org/ASA-201705-3
AVG-256 https://security.archlinux.org/AVG-256
CVE-2017-8291 Exploit https://github.com/rapid7/metasploit-framework/blob/03e4ee91c2473775c2a8f28aa36c2023da2854bf/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb
CVE-2017-8291 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/41955.rb
dsa-3838 http://www.debian.org/security/2017/dsa-3838
?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d
RHSA-2017:1230 https://access.redhat.com/errata/RHSA-2017:1230
show_bug.cgi?id=1036453 https://bugzilla.suse.com/show_bug.cgi?id=1036453
show_bug.cgi?id=1446063 https://bugzilla.redhat.com/show_bug.cgi?id=1446063
show_bug.cgi?id=697808 https://bugs.ghostscript.com/show_bug.cgi?id=697808
USN-3272-1 https://usn.ubuntu.com/3272-1/
Data source KEV
Date added May 24, 2022
Description Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.
Required action Apply updates per vendor instructions.
Due date June 14, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2017-8291
Ransomware campaign use Unknown
Data source Exploit-DB
Date added May 2, 2017
Description Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit)
Ransomware campaign use Known
Source publication date May 2, 2017
Exploit type local
Platform linux
Source update date May 2, 2017
Source URL https://github.com/rapid7/metasploit-framework/blob/03e4ee91c2473775c2a8f28aa36c2023da2854bf/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb
Data source Metasploit
Description This module exploits a type confusion vulnerability in Ghostscript that can be exploited to obtain arbitrary command execution. This vulnerability affects Ghostscript versions 9.21 and earlier and can be exploited through libraries such as ImageMagick and Pillow.
Note 
Stability:
  - crash-safe
SideEffects: []
Reliability: []
AKA:
  - ghostbutt
RelatedModules:
  - exploit/multi/fileformat/ghostscript_failed_restore
  - exploit/unix/fileformat/imagemagick_delegate
Ransomware campaign use Unknown
Source publication date April 27, 2017
Platform Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://openwall.com/lists/oss-security/2017/04/28/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:44:47Z/ Found at http://openwall.com/lists/oss-security/2017/04/28/2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1230
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:44:47Z/ Found at https://access.redhat.com/errata/RHSA-2017:1230
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8291.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugs.ghostscript.com/show_bug.cgi?id=697808
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:44:47Z/ Found at https://bugs.ghostscript.com/show_bug.cgi?id=697808
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1446063
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:44:47Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=1446063
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.suse.com/show_bug.cgi?id=1036453
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:44:47Z/ Found at https://bugzilla.suse.com/show_bug.cgi?id=1036453
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:44:47Z/ Found at https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201708-06
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:44:47Z/ Found at https://security.gentoo.org/glsa/201708-06
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/41955/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:44:47Z/ Found at https://www.exploit-db.com/exploits/41955/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2017/dsa-3838
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:44:47Z/ Found at http://www.debian.org/security/2017/dsa-3838
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/98476
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:44:47Z/ Found at http://www.securityfocus.com/bid/98476
Exploit Prediction Scoring System (EPSS)
Percentile 0.99727
EPSS Score 0.92482
Published At Aug. 9, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:38:56.695809+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.19/main.json 37.0.0