a2ps
Page content
- Author: kikadf
- Vulnerable: 4.14-4
- Unaffected: 4.14-5arcturus1
The spy_user function which is called when a2ps is invoked with the –debug flag insecurely used temporary files. Brian M. Carlson reported that a2ps’s fixps script does not invoke gs with the -dSAFER option. Consequently executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges of the user running fixps.