7.5

CVE-2005-2471

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetpbmNetpbm Version2.10.0.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.74% 0.884
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.novell.com/linux/security/advisories/2005_19_sr.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757
http://secunia.com/advisories/16184
Vendor Advisory
http://secunia.com/advisories/18330
Vendor Advisory
http://secunia.com/advisories/19436
Vendor Advisory
http://securitytracker.com/id?1014752
http://www.debian.org/security/2006/dsa-1021
http://www.osvdb.org/18253
http://www.redhat.com/support/errata/RHSA-2005-743.html
http://www.securityfocus.com/bid/14379
http://www.trustix.org/errata/2005/0038/
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/21500
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11645