File Deletion and Command Execution Vulnerability in a2ps by A2PS Inc.
CVE-2014-0466

Currently unrated

Key Information:

Vendor: Gnu
Status: A2ps
Vendor: CVE Published:; 3 April 2014

Summary

The fixps script in a2ps version 4.14 poses significant security risks due to its failure to employ the -dSAFER option during the execution of Ghostscript. This oversight allows attackers to exploit this vulnerability by delivering specially crafted PostScript files, leading to unauthorized file deletion or the execution of arbitrary commands within the system. Proper mitigation measures are essential to safeguard against potential exploits.

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902

x_refsource_CONFIRM

http://www.securityfocus.com/bid/66660

vdb-entryx_refsource_BID

https://security.gentoo.org/glsa/201701-67

vendor-advisoryx_refsource_GENTOO

Timeline

Vulnerability published
Apr 3, 2014
Vulnerability Reserved
Dec 19, 2013