PT-2005-3376 · Netpbm+2 · Netpbm+2

Max Vozeler

Published

2005-08-05

Updated

2017-10-11

CVE-2005-2471

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions netpbm (affected versions not specified)

Description The issue concerns the pstopnm function in netpbm, which fails to properly utilize the "-dSAFER" option when invoking Ghostscript for converting PostScript files into PBM, PGM, or PNM files. This oversight enables external attackers, with user assistance, to execute arbitrary commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2471

DSA-1021-1

RHSA-2005:743

RHSA-2005_743

Affected Products

Ghostscript

Red Hat

Netpbm

PT-2005-3376 · Netpbm+2 · Netpbm+2

CVE-2005-2471

Related Identifiers

Affected Products

References · 19