CVE-2014-0466

CVE-2014-0466 affects the a2ps package. The underlying issue is in the fixps script: it does not invoke Ghostscript with the -dSAFER option, enabling a crafted PostScript file to trigger arbitrary commands or delete files. Documented impact across multiple distros states remote attackers could ex...

CVE-2004-1377

The CVE-2004-1377 issue affects the a2ps package: the fixps (fixps.in) and psmandup (psmandup.in) scripts allow local users to overwrite arbitrary files via a symlink attack on temporary files, with impact being partial integrity if exploited. Documentation in multiple advisories confirms this vu...

CVE-2004-1170

CVE-2004-1170 affects a2ps 4.13, where remote attackers could cause arbitrary command execution by supplying shell metacharacters in a filename. The vulnerability stems from insecure handling of filenames, enabling code execution with the privileges of the invoking user. Several connected advisor...

CVE-2001-1593

CVE-2001-1593 affects the a2ps package (versions 4.14 and earlier). The vulnerability is in the tempname_ensure function (lib/routines.h), used by the spy_user function, allowing local users to modify arbitrary files via a symlink attack on a temporary file. Impact is local file modification with...

CVE-2015-8107

CVE-2015-8107 affects GNU a2ps