Vulnerability CVE-2005-2536: Information

Description

pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file.

Severity: HIGH (7.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2005-2536
Published: Aug. 10, 2005
Modified: July 11, 2017

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
pstotextsisyphus1.9-alt31.9-alt3ALT-PU-2020-3101-1260205Fixed
pstotextp101.9-alt31.9-alt3ALT-PU-2020-3101-1260205Fixed
pstotextp91.9-alt31.9-alt3ALT-PU-2020-3110-1260206Fixed
pstotextc10f11.9-alt31.9-alt3ALT-PU-2020-3101-1260205Fixed
pstotextc9f21.9-alt31.9-alt3ALT-PU-2022-1921-1300239Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
GLSA-200507-29
  • Patch
  • Vendor Advisory
16183
  • Vendor Advisory
14378
    DSA-792
      16305
        16624
          pstotext-dsafer-command-execution(21498)

              1. Configuration 1

                cpe:2.3:a:pstotext:pstotext:*:*:*:*:*:*:*:*
                End including
                1.9.1
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.4.2
            Back to top