CVE-2014-0466

Currently unrated

Key Information:

Vendor: Gnu
Status: A2ps
Vendor: CVE Published:; 3 April 2014

Summary

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902

x_refsource_CONFIRM

http://www.securityfocus.com/bid/66660

vdb-entryx_refsource_BID

https://security.gentoo.org/glsa/201701-67

vendor-advisoryx_refsource_GENTOO

Timeline

Vulnerability published
Apr 3, 2014
Vulnerability Reserved
Dec 19, 2013