File Deletion and Command Execution Vulnerability in a2ps by A2PS Inc.
CVE-2014-0466
Currently unrated
Summary
The fixps script in a2ps version 4.14 poses significant security risks due to its failure to employ the -dSAFER option during the execution of Ghostscript. This oversight allows attackers to exploit this vulnerability by delivering specially crafted PostScript files, leading to unauthorized file deletion or the execution of arbitrary commands within the system. Proper mitigation measures are essential to safeguard against potential exploits.
References
Timeline
Vulnerability published
Vulnerability Reserved