Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.8 | High | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | < 9b00fb12cdc9d8d1c3ffe82a78e74738127803fc |
| n/a | n/a | < 4.2.11 |