CVE-2014-0466

Debian Bug report logs - #737385 a2ps: CVE-2001-1593: insecure use of /tmp Package: a2ps; Maintainer for a2ps is Debian QA Group <packages@qadebianorg>; Source for a2ps is src:a2ps (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@debianorg> Date: Sun, 2 Feb 2014 10:45:06 UTC Severity: important Tags: securit ...

Debian Bug report logs - #742902 a2ps: CVE-2014-0466: does not invoke gs with -dSAFER Package: a2ps; Maintainer for a2ps is Debian QA Group <packages@qadebianorg>; Source for a2ps is src:a2ps (PTS, buildd, popcon) Reported by: "brian m carlson" <sandals@crustytoothpastenet> Date: Fri, 28 Mar 2014 20:06:02 UTC Se ...

Several vulnerabilities have been found in a2ps, an Anything to PostScript converter and pretty-printer The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2001-1593 The spy_user function which is called when a2ps is invoked with the --debug flag insecurely used temporary files CVE-2014-0466 Brian ...

The fixps script in a2ps 414 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file ...