Debian Security Advisory DSA 1021-1 - Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted Postscript files.
c805afd688bd7387640c3694a50b68d7630757d17cd7512253e04e23bcfd57c8Ubuntu Security Notice USN-164-1 - Max Vozeler discovered that the the pstopnm conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked an user (or an automatic server) into processing a specially crafted PostScript document with pstopnm.
e7bee8ebff81a32f1d1b893ba21274a04bb055f8c81980d772a51a23273a551d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed