Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "libgs9-dbgsym": "9.10~dfsg-0ubuntu10.7", "ghostscript-dbgsym": "9.10~dfsg-0ubuntu10.7", "ghostscript-dbg": "9.10~dfsg-0ubuntu10.7", "ghostscript-doc": "9.10~dfsg-0ubuntu10.7", "ghostscript-x": "9.10~dfsg-0ubuntu10.7", "libgs9": "9.10~dfsg-0ubuntu10.7", "ghostscript-x-dbgsym": "9.10~dfsg-0ubuntu10.7", "libgs-dev-dbgsym": "9.10~dfsg-0ubuntu10.7", "libgs9-common": "9.10~dfsg-0ubuntu10.7", "ghostscript": "9.10~dfsg-0ubuntu10.7", "libgs-dev": "9.10~dfsg-0ubuntu10.7" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "libgs9-dbgsym": "9.18~dfsg~0-0ubuntu2.4", "ghostscript-dbgsym": "9.18~dfsg~0-0ubuntu2.4", "ghostscript-dbg": "9.18~dfsg~0-0ubuntu2.4", "ghostscript-doc": "9.18~dfsg~0-0ubuntu2.4", "ghostscript-x": "9.18~dfsg~0-0ubuntu2.4", "libgs9": "9.18~dfsg~0-0ubuntu2.4", "ghostscript-x-dbgsym": "9.18~dfsg~0-0ubuntu2.4", "libgs-dev-dbgsym": "9.18~dfsg~0-0ubuntu2.4", "libgs9-common": "9.18~dfsg~0-0ubuntu2.4", "ghostscript": "9.18~dfsg~0-0ubuntu2.4", "libgs-dev": "9.18~dfsg~0-0ubuntu2.4" } ] }