2744 matches found
security flaw
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands...
Low: Red Hat Security Advisory: netpbm security update
Updated netpbm packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm...
USN-164-1: netpbm vulnerability
Max Vozeler discovered that the "pstopnm" conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked a user or ...
CVE-2005-2536
pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file...
CVE-2005-2536
pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file...
CVE-2005-2536
Removed by vendor...
CVE-2005-2536
pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file...
[USN-163-1] xpdf vulnerability
Ubuntu Security Notice USN-163-1, August 09, 2005: xpdf vulnerability, CAN-2005-2097. A security issue affects the following Ubuntu releases: Ubuntu 4.10 Warty Warthog, Ubuntu 5.04...
GLSA-200508-04 : Netpbm: Arbitrary code execution in pstopnm
The remote host is affected by the vulnerability described in GLSA-200508-04 Netpbm: Arbitrary code execution in pstopnm Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option, to convert a PostScript file into a PBM...
CVE-2005-2471
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands...
CVE-2005-2471
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands...
Netpbm: Arbitrary code execution in pstopnm
Background: Netpbm is a package of 220 graphics programs and a programming library, including pstopnm. pstopnm is a tool which converts PostScript files to PNM image files. Description: Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without...
GLSA-200507-29 : pstotext: Remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200507-29 (pstotext: Remote execution of arbitrary code). Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. Impact: An attacker could craft a...
pstotext: Remote execution of arbitrary code
Background: pstotext is a program that works with GhostScript to extract plain text from PostScript and PDF files. Description: Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. Impact: An attacker could craft a...
netpbm / pstotext PostScript code execution
-dSAFER option is not used while calling GhostScript...
[SA16184] netpbm Arbitrary Postscript Code Execution Vulnerability
CVE-2002-2047
The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an Encapsulated PostScript (EPS) file...
CVE-2002-2047
The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an Encapsulated PostScript (EPS) file...
Xerox DocuCentre / WorkCentre Postscript Interpreter Traversal (XRX05-001)
According to its model number and software versions, the remote host is a Xerox Document Centre or WorkCentre device in which the PostScript interpreter may allow unauthorized access to the underlying directory structure. Using a specially crafted PostScript file, an attacker could exploit this...
CVE-2004-1086
Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file...