CVE-2015-8107
- EPSS 1.72%
- Veröffentlicht 13.04.2017 14:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
CVE-2001-1593
- EPSS 0.13%
- Veröffentlicht 05.04.2014 21:55:06
- Zuletzt bearbeitet 12.04.2025 10:46:40
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVE-2014-0466
- EPSS 0.31%
- Veröffentlicht 03.04.2014 16:15:39
- Zuletzt bearbeitet 12.04.2025 10:46:40
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
- EPSS 15.59%
- Veröffentlicht 10.01.2005 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
CVE-2004-1377
- EPSS 0.07%
- Veröffentlicht 27.12.2004 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.