Vulnerability CVE-2005-2536: Information
Description
pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file.
Severity: HIGH (7.5)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
pstotext | sisyphus | 1.9-alt3 | 1.9-alt3 | ALT-PU-2020-3101-1 | 260205 | Fixed |
pstotext | p10 | 1.9-alt3 | 1.9-alt3 | ALT-PU-2020-3101-1 | 260205 | Fixed |
pstotext | p9 | 1.9-alt3 | 1.9-alt3 | ALT-PU-2020-3110-1 | 260206 | Fixed |
pstotext | c10f1 | 1.9-alt3 | 1.9-alt3 | ALT-PU-2020-3101-1 | 260205 | Fixed |
pstotext | c9f2 | 1.9-alt3 | 1.9-alt3 | ALT-PU-2022-1921-1 | 300239 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
GLSA-200507-29 | |
16183 | |
14378 | |
DSA-792 | |
16305 | |
16624 | |
pstotext-dsafer-command-execution(21498) | |