Date: Sat, 29 Apr 2017 19:24:09 +0800
From: redrain root <>
Subject: Re: CVE-2017-8291 ghostscript remote code execution

I know this issue is a type confusion similar to your initialized dsc
for example
The last previous vulnerability code exists in the
zinitialize_dsc_parser(). The method gets the memory data using
dict_memory() and treats it as an object to call its gs_alloc_struct()
in the Evince code execution demo, uses ghostscript as the .ps
file processor
and another demo attack imagick is the shell command injection vuln.

and CVE-2017-8291 is a part of my exploit last year; it also affects some
programs that use ghostscript,
that's why I use Evince as the example.


2017-04-29 13:36 GMT+08:00 Tavis Ormandy <>:

> On Fri, Apr 28, 2017 at 7:43 PM, redrain root <>
> wrote:
> >
> > what a awkward??
> > I have discovered a part of my vulns about ghostscript last year and
> > exploited in fulldisclosure early!
> > and these vulns are part of mine I was going to discovered these in defcon
> > or other conference...WTF...
> > u guys are logo designer???
> >
> > there are two demos last year
> > Evince Arbitrary Code Execution Attack
> > Imagick
> > through Ghostscript
> >
> I don't think so, that is CVE-2016-7976 and is entirely unrelated to
> the issue being discussed, other than superficial similarity of the
> exploit.
> That issue was reported by me, and we discussed the ImageMagick and
> evince attack vectors at the time, you can check the archives if
> you're interested.
> This issue (CVE-2017-8291) is a type confusion vulnerability (well,
> technically two vulnerabilities), and was found in the wild.
> Tavis.
