Loading
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Use CWE-843, Artifex vendor hub and Ghostscript product page to widen CVE-2017-8291 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-27837, CVE-2025-27836 and CVE-2025-27832 for nearby disclosures in the same product family.