The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
6.2AI Score
0.0004EPSS
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
7.3AI Score
0.034EPSS
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
6.1AI Score
0.0004EPSS
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
7.5AI Score
0.004EPSS
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
7.8CVSS
7.7AI Score
0.006EPSS