CVE-2009-5067

Publication date 10 October 2012

Last updated 4 August 2025

Description

Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
html2ps	13.10 saucy	Not affected
	13.04 raring	Not affected
	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	11.10 oneiric	Ignored end of life
	11.04 natty	Ignored end of life
	10.04 LTS lucid	Ignored end of life
	8.04 LTS hardy	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://bugzilla.redhat.com/show_bug.cgi?id=526513
http://www.openwall.com/lists/oss-security/2012/10/05/5
http://www.openwall.com/lists/oss-security/2012/10/05/1
http://www.mandriva.com/security/advisories?name=MDVSA-2012:161
http://user.it.uu.se/~jan/html2ps-1.0b7.tar.gz
http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633
https://www.cve.org/CVERecord?id=CVE-2009-5067