The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent malicious users to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu a2ps 4.14 |