File Deletion and Command Execution Vulnerability in a2ps by A2PS Inc.
CVE-2014-0466

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
3 April 2014

Summary

The fixps script in a2ps version 4.14 poses significant security risks due to its failure to employ the -dSAFER option during the execution of Ghostscript. This oversight allows attackers to exploit this vulnerability by delivering specially crafted PostScript files, leading to unauthorized file deletion or the execution of arbitrary commands within the system. Proper mitigation measures are essential to safeguard against potential exploits.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.