Package pstotext updated to version 1.9-alt3 for branch sisyphus in task 260205.

Published: 2005-08-10
Modified: 2024-11-21

CVE-2005-2536

pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file.

Severity: HIGH (7.5)

References:

16183
16183
16305
16305
16624
16624
DSA-792
DSA-792
GLSA-200507-29
GLSA-200507-29
14378
14378
pstotext-dsafer-command-execution(21498)
pstotext-dsafer-command-execution(21498)

Published: 2006-11-27
Modified: 2011-03-08

CVE-2006-5869

pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.

Severity: MEDIUM (5.1)

References:

DSA-1220
21299
23135
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356988
17897
20012
ADV-2006-1707

Version: 2.1.0

Package pstotext update in sisyphus on 2020-10-22

ALT-PU-2020-3101-1

Closed vulnerabilities

CVE-2005-2536

CVE-2006-5869