Mandrake Linux Security Advisory : netpbm (MDKSA-2005:133)

Max Vozeler discovered that pstopnm, a part of the netpbm graphics utility suite, would call the GhostScript interpreter on untrusted PostScript files without using the -dSAFER option when converting a PostScript file into a PBM, PGM, or PNM file. This could result in the execution of arbitrary...

RHEL 3 : ghostscript (RHSA-2005:081)

Updated ghostscript packages that fix a PDF output issue and a temporary file security bug are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript...

ghostscript, hpijs security update

CentOS Errata and Security Advisory CESA-2005:081 Updated ghostscript packages that fix a PDF output issue and a temporary file security bug are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Ghostscript is a program for displaying...

temporary file vulnerabilities in various ghostscript scripts.

The 1 pj-gs.sh, 2 ps2epsi, 3 pv.sh, and 4 sysvlp.sh scripts in the ESP Ghostscript espgs package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...

Low: Red Hat Security Advisory: ghostscript security update

Updated ghostscript packages that fix a PDF output issue and a temporary file security bug are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript...

Debian DSA-792-1 : pstotext - missing input sanitising

Max Vozeler discovered that pstotext, a utility to extract text from PostScript and PDF files, did not execute ghostscript with the -dSAFER argument, which prevents potential malicious operations to happen. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...

DSA-792-1 pstotext - missing input sanitising

Bulletin has no description...

security flaw

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a 1 PBM, 2 PGM, or 3 PNM file, which allows external user-assisted attackers to execute arbitrary commands...

USN-164-1: netpbm vulnerability

Max Vozeler discovered that the the "pstopnm" conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked an user or ...

CVE-2005-2536

pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file...

CVE-2005-2536

pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file...

CVE-2005-2536

Removed by vendor...

GLSA-200508-04 : Netpbm: Arbitrary code execution in pstopnm

The remote host is affected by the vulnerability described in GLSA-200508-04 Netpbm: Arbitrary code execution in pstopnm Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option, to convert a PostScript file into a PBM...

CVE-2005-2471

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a 1 PBM, 2 PGM, or 3 PNM file, which allows external user-assisted attackers to execute arbitrary commands...

CVE-2005-2471

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a 1 PBM, 2 PGM, or 3 PNM file, which allows external user-assisted attackers to execute arbitrary commands...

CVE-2005-2471

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a 1 PBM, 2 PGM, or 3 PNM file, which allows external user-assisted attackers to execute arbitrary commands...

CVE-2005-2471

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a 1 PBM, 2 PGM, or 3 PNM file, which allows external user-assisted attackers to execute arbitrary commands...

CVE-2005-2471

CVE-2005-2471 concerns netpbm's pstopnm utility, which does not properly use -dSAFER when invoking Ghostscript to convert PostScript to PBM/PGM/PNM. This can allow an attacker to execute arbitrary commands via specially crafted PostScript files. Public disclosures reference a fix in several distr...

CVE-2005-2471

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a 1 PBM, 2 PGM, or 3 PNM file, which allows external user-assisted attackers to execute arbitrary commands...

Netpbm: Arbitrary code execution in pstopnm

Background Netpbm is a package of 220 graphics programs and a programming libraries, including pstopnm. pstopnm is a tool which converts PostScript files to PNM image files. Description Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without...