Your submission was sent successfully! Close

CVE-2014-0466

Published: 03 April 2014

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.

Priority

Medium

Status

Package Release Status
a2ps
Launchpad, Ubuntu, Debian
Upstream
Released (1:4.14-1.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1:4.14-1.3])