pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-08-10T04:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-08-10T00:00:00
Link: CVE-2005-2536
JSON object: View
NVD Information
Status : Modified
Published: 2005-08-10T04:00:00.000
Modified: 2017-07-11T01:32:53.533
Link: CVE-2005-2536
JSON object: View
Redhat Information
No data.
CWE