Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
The product does not correctly convert an object, resource, or structure from one type to a different type.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ghostscript | Artifex | * | 9.21 (including) |