Lucene search

[email protected]CVE-2005-2471

HistoryAug 05, 2005 - 4:00 a.m.

CVE-2005-2471

2005-08-0504:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2471

netpbm

pstopnm

ghostscript

command execution

vulnerability

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON

pstopnm in netpbm does not properly use the “-dSAFER” option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.

CPENameOperatorVersion
netpbm:netpbmnetpbmeq2.10.0.8

CPE	Name	Operator	Version
netpbm:netpbm	netpbm	eq	2.10.0.8

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757

secunia.com/advisories/16184

secunia.com/advisories/18330

secunia.com/advisories/19436

securitytracker.com/id?1014752

www.debian.org/security/2006/dsa-1021

www.novell.com/linux/security/advisories/2005_19_sr.html

www.osvdb.org/18253

www.redhat.com/support/errata/RHSA-2005-743.html

www.securityfocus.com/bid/14379

www.trustix.org/errata/2005/0038/

exchange.xforce.ibmcloud.com/vulnerabilities/21500

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11645

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2005-2471

openvas6 osv1 redhat1 nessus6 centos3 ubuntu1 debiancve1 gentoo1 ubuntucve1 debian1