SB2016032908 - Type confusion in ghostscript (Alpine package)
Published: March 29, 2016
Security Bulletin ID
SB2016032908
CSH Severity
Critical
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Type confusion (CVE-ID: CVE-2017-8291)
CWE-ID: CWE-704 - Type conversion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
The vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on a targeted system.
The weakness exists due to type confusion error when processing user-supplied parameters passed to the .rsdparams and .eqproc functions in ghostscript. A remote attacker can submit a specially crafted .eps document, execute code in the context of the ghostscript process and bypass -dSAFER protection.
Successful exploitation of the vulnerability may result in system compromise.
Note: this vulnerability is being exploited in the wild.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5e753b12c86f19cc249a631482ee1a4a739e45aa
- https://git.alpinelinux.org/aports/commit/?id=c13758613f3110e14c2e9eda818406f235d996c1
- https://git.alpinelinux.org/aports/commit/?id=d76bbde3138831382b99b95241f4699877628b6d
- https://git.alpinelinux.org/aports/commit/?id=84d9d1ac4496bf8360a8e717152bb81419d7e989
- https://git.alpinelinux.org/aports/commit/?id=ecd52791ab2f99ba3adc08ecae1f67bce5be1f80
- https://git.alpinelinux.org/aports/commit/?id=0d31fbd835bf00e76c6af48139c8f30e9ee0d095
- https://git.alpinelinux.org/aports/commit/?id=9e5165491f23d8a3319f093ca306f184f770e241
- https://git.alpinelinux.org/aports/commit/?id=2f6ffe9d3546ffc27017c9e64547d3540322fb5a