PT-2001-1003
Brian M. Carlson · Published 2001-04-17 · Updated 2024-06-15
CVE-2014-0466
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
a2ps version 4.14
Description
The issue concerns multiple vulnerabilities in the a2ps package of the Debian GNU/Linux operating system, which can be exploited to compromise the confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be performed remotely. Specifically, the fixps script in a2ps does not use the -dSAFER option when executing gs, allowing context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
Recommendations
For a2ps version 4.14, consider disabling the fixps script until a patch is available to prevent potential exploitation. Restrict access to gs execution to minimize the risk of arbitrary file deletion or command execution. Avoid processing crafted PostScript files with the affected a2ps version until the issue is resolved.
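To confirm whether an installed wrapper script calls gs without -dSAFER, the following added example (not part of the original advisory and not a2ps code) scans a shell script and reports each Ghostscript invocation that lacks the option. The function names, the $gs variable naming and the sample script are assumptions constructed for illustration; the sample is not the real fixps contents.

```shell
# Constructed sample, NOT the real fixps contents: three gs calls, two unsafe.
sample_script() {
cat <<'EOF'
#!/bin/sh
# gs is used below
gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=out.ps in.ps
$gs -q -dSAFER -dNOPAUSE -dBATCH \
    -sDEVICE=pswrite -sOutputFile=out.ps in.ps
$gs -q -dNOPAUSE \
    -dBATCH -sOutputFile=out.ps in.ps
EOF
}

# audit_gs_safer FILE: print "LINE: command" for each gs invocation lacking
# -dSAFER; exit status 1 if any were found, 0 otherwise.
audit_gs_safer() {
    awk '
    function check(cmd, n) {
        sub(/^[ \t]+/, "", cmd)
        if (cmd ~ /^#/) return                     # comment line
        # Heuristic: gs, $gs or ${gs} in command position (start of line,
        # after ; | & ( or a backtick, or after then/do/else/exec).
        if (cmd !~ /(^|[;|&(`][ \t]*|(then|do|else|exec)[ \t]+)([$][{]?)?(gs|GS)[}]?[ \t]/)
            return
        if (cmd ~ /[ \t]-dSAFER([ \t]|$)/) return  # already sandboxed
        printf "%d: %s\n", n, cmd
        bad = 1
    }
    {
        if (start == 0) start = NR                 # first line of this command
        line = buf $0
        # Join backslash-continued lines so later options are seen.
        if (line ~ /\\$/) { sub(/\\$/, " ", line); buf = line; next }
        buf = ""
        check(line, start)
        start = 0
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Demo on the constructed sample; point it at the installed script instead.
tmp=$(mktemp) && sample_script > "$tmp"
audit_gs_safer "$tmp" || echo "gs invoked without -dSAFER" >&2
rm -f "$tmp"
```

The match is a heuristic on command position, so a script that builds the gs command line indirectly still needs manual review.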
Fix
Related Identifiers
Affected Products
Alt Linux
Suse
A2Ps
Gs