Ghostscript -dSAFER Bypass and Remote Command Execution via .rsdparams Type Confusion
CVE-2017-8291 is a vulnerability in Artifex Ghostscript, affecting versions through 2017-04-26, in which the -dSAFER sandbox can be bypassed via a type confusion involving .rsdparams. A crafted PostScript/EPS document containing a "/OutputFile (%pipe%" substring causes Ghostscript to treat attacker-controlled data in a way that defeats the intended safety restrictions and permits command execution. The issue matters most where Ghostscript is invoked to process untrusted EPS input, including indirectly through applications that render or preview EPS content. Exploitation in the wild was noted in April 2017, specifically against the Hangul word processor, where opening a malicious attachment triggered the bug and led to shellcode execution.
Are you exposed to this one?
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
4 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos.
This repository provides a proof-of-concept (POC) exploit for the GhostButt vulnerability (CVE-2017-8291) as reached through Python's PIL/Pillow library when it hands files to Ghostscript. The repository contains a simple Flask web application (app.py) that allows users to upload PNG files, which are then processed using PIL. The vulnerability is reachable because PIL determines file type from the file header, not the extension, and passes EPS files to Ghostscript for rendering. The included poc.png is actually a malicious EPS file disguised as a PNG, containing PostScript code that exploits the Ghostscript sandbox bypass to execute arbitrary commands on the server (demonstrated by creating /tmp/aaaaa). The Dockerfile and docker-compose.yml facilitate easy setup of the vulnerable environment. The README files provide detailed background, exploitation steps, and references. The main attack vector is network-based (HTTP file upload), and the exploit demonstrates arbitrary command execution on the server. The repository is a clear, functional POC for CVE-2017-8291, targeting Python web applications that use PIL/Pillow with Ghostscript.
This repository demonstrates a remote command execution exploit targeting Python web applications that use the PIL/Pillow library with Ghostscript for image processing. The main application (app.py) is a Flask web server that allows users to upload images, which are then processed using PIL. If a user uploads a specially crafted EPS file (disguised as a PNG), Ghostscript is invoked by PIL to process the file. Due to vulnerabilities in Ghostscript (CVE-2017-8291 and CVE-2018-16509), the '-dSAFER' sandbox can be bypassed, allowing arbitrary shell commands to be executed on the server. The repository includes proof-of-concept EPS files (poc.png, poc_ctf.png) that demonstrate file creation and reverse shell payloads. The attack vector is network-based, exploiting the web upload endpoint at http://localhost:8000. The exploit is operational, providing real command execution on vulnerable systems. The repository is structured with a main Python application, documentation, Docker configuration for easy setup, and example payloads.
This repository demonstrates a proof-of-concept exploit for CVE-2017-8291, a remote command execution vulnerability reachable through Python's PIL/Pillow library when it is used with a vulnerable version of Ghostscript (<=9.21). The repository contains a simple Flask web application (app.py) that allows users to upload PNG images, which are then processed using PIL. Because PIL determines image type by file header, an attacker can upload a malicious EPS file disguised as a PNG. When processed, Ghostscript executes the embedded PostScript code, bypassing the '-dSAFER' sandbox and allowing arbitrary command execution. The provided POC (poc.png) creates a file '/tmp/aaaaa' on the server, but it can be modified to execute any command, including spawning a reverse shell. The repository includes setup instructions using Docker, a detailed README in both English and Chinese, and a sample exploit file. The main attack vector is the web application's file upload endpoint, and exploitation requires the backend to process user-supplied images with PIL and Ghostscript.
This repository demonstrates a proof-of-concept (POC) exploit for CVE-2017-8291, a remote code execution vulnerability reachable through the Python Imaging Library (PIL) when it is used with Ghostscript. The exploit leverages the fact that PIL determines image type from file headers, not extensions, allowing an attacker to upload a malicious EPS file disguised as a PNG. When the server processes this file (using Ghostscript), arbitrary shell commands embedded in the EPS are executed. The repository includes a Flask web application (app.py) that accepts PNG uploads, a docker-compose.yml for environment setup, and a crafted poc.png file that, when uploaded, causes the server to create a file at /tmp/aaaaa, demonstrating code execution. The README provides detailed setup and exploitation instructions. The main attack vector is HTTP file upload to the web interface at http://localhost:8000/. The exploit is a POC but can be weaponized by modifying the payload to execute more impactful commands, such as spawning a reverse shell.
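All four exploit summaries above hinge on the same gap: the upload handler trusts the ".png" extension while PIL decides the format from the file header and routes EPS content to Ghostscript. The defensive counterpart is to sniff the content yourself and refuse anything whose real format is not on an allow-list, before the bytes ever reach PIL's `load()` step. The following is an added example written for this page; it is not code from any of the repositories listed, and the Flask app, field names and sample files it uses are constructed assumptions. It also goes slightly beyond the summaries by flagging the "/OutputFile (%pipe%" marker named in the CVE description as a detection signal for uploads that are EPS content.

```python
"""Content-sniffing gate for image uploads (added example, not repository code).

Assumptions (constructed for this example): uploads arrive as (filename, bytes);
only PNG and JPEG are meant to be accepted; EPS of any kind is rejected outright
so Ghostscript is never invoked on user-supplied data.
"""

# Magic bytes from the respective format specifications.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"
EPS_TEXT_MAGIC = b"%!PS"                 # text-form PostScript / EPS header
EPS_BINARY_MAGIC = b"\xc5\xd0\xd3\xc6"   # DOS EPS binary-preview header

# Substring the CVE description associates with the -dSAFER bypass.
PIPE_MARKER = b"/OutputFile (%pipe%"

# Extension -> format we expect the content to actually be.
ALLOWED = {"png": "PNG", "jpg": "JPEG", "jpeg": "JPEG"}


def sniff_format(data: bytes) -> str:
    """Return the format implied by the leading bytes, ignoring the filename."""
    if data.startswith(PNG_MAGIC):
        return "PNG"
    if data.startswith(JPEG_MAGIC):
        return "JPEG"
    if data.startswith(EPS_TEXT_MAGIC) or data.startswith(EPS_BINARY_MAGIC):
        return "EPS"
    return "UNKNOWN"


def looks_like_pipe_abuse(data: bytes) -> bool:
    """Detection signal only: EPS content carrying the %pipe% OutputFile marker."""
    return PIPE_MARKER in data


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Accept only when the extension is allowed AND the content matches it."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = ALLOWED.get(ext)
    if expected is None:
        return False, f"extension '{ext}' not allowed"
    actual = sniff_format(data)
    if actual == "EPS":
        # Reject before PIL/Ghostscript can see it; log the stronger signal separately.
        reason = "EPS content rejected"
        if looks_like_pipe_abuse(data):
            reason += " (contains %pipe% OutputFile marker)"
        return False, reason
    if actual != expected:
        return False, f"content is {actual}, extension claims {expected}"
    return True, "ok"


# Constructed sample inputs: a minimal PNG prefix, and a benign EPS header
# renamed to .png the way the PoCs describe (no exploit payload here).
SAMPLE_PNG = PNG_MAGIC + b"\x00\x00\x00\rIHDR" + b"\x00" * 13
SAMPLE_EPS_AS_PNG = b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\n"
SAMPLE_EPS_WITH_MARKER = SAMPLE_EPS_AS_PNG + b"<< /OutputFile (%pipe%placeholder) >>\n"


if __name__ == "__main__":
    for name, blob in [("ok.png", SAMPLE_PNG),
                       ("poc.png", SAMPLE_EPS_AS_PNG),
                       ("poc2.png", SAMPLE_EPS_WITH_MARKER),
                       ("notes.eps", SAMPLE_EPS_AS_PNG)]:
        print(name, validate_upload(name, blob))
```

Wire `validate_upload` in front of `Image.open` in the upload handler and return a 4xx on any `False` result. Note that with Pillow, `Image.open` alone only parses the header; it is the later `load()` (or any operation that forces decoding) that spawns Ghostscript for EPS input, so a format check that runs after `open` but before decoding is also effective if you prefer to use PIL's own `img.format` attribute instead of this sniffer. The `%pipe%` check is a detection aid for logging and alerting, not the access decision: the gate rejects every EPS regardless.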
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
An old EPS-related vulnerability in the Hangul word processor that APT37 used via malicious phishing attachments to execute shellcode and deliver M2RAT.
An Artifex Ghostscript vulnerability referenced as exploited by APT37 in the report.
The version that knows your environment.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.