7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Max Vozeler from the Debian Audit Project discovered that pstopnm, a
converter from Postscript to the PBM, PGM and PNM formats, launches
Ghostscript in an insecure manner, which might lead to the execution
of arbitrary shell commands, when converting specially crafted Postscript
files.
For the old stable distribution (woody) this problem has been fixed in
version 9.20-8.6.
For the stable distribution (sarge) this problem has been fixed in
version 10.0-8sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 10.0-9.
We recommend that you upgrade your netpbm package.
CPE | Name | Operator | Version |
---|---|---|---|
netpbm-free | eq | 2:10.0-8sarge2 | |
netpbm-free | eq | 2:10.0-8sarge1 | |
netpbm-free | eq | 2:10.0-8 |