MITRE has assigned CVE-2017-8291 to the shell injection. If the segmentation violation that is seen when executing this sample represents a second security issue, please let me know and I'll be happy to fill in the forms for another CVE.
I think the shell commands are a red herring; the type confusion in .rsdparams is the real issue (missing operand type check), which is used to disable SAFER.
It's a clever exploit. I don't know how I missed the .rsdparams bug when I was searching for missing type checks.
A more minimal testcase would be just 16#0x41414141 .rsdparams.
(see bug 697190 for an older example)
(without the 0x, sorry)
Oh, and .eqproc also needs to be fixed. Fun.
*** This bug has been marked as a duplicate of bug 697799 ***
Will there be a release cut soon with this patch? Would be great to have available via package managers.
Artifex releases Ghostscript on (roughly) 6-month intervals. We will be
preparing a release candidate in the next week or two, and going through our
thorough review also during the time the release candidate is available for
review by distros (and anyone else that gets our gs-devel email announcing it).
Unless we encounter unexpected difficulties, the release should be finalized
before the end of September.