All errata/p9/ALT-PU-2020-3110-1
ALT-PU-2020-3110-1

Package update pstotext in branch p9

Version1.9-alt3
Task#260206
Published2020-10-23
Max severityHIGH
Severity:

Closed issues (2)

CVE-2005-2536
HIGH7.5

pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file.

Published: 2005-08-10Modified: 2026-04-16
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
References
CVE-2006-5869
MEDIUM5.1

pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.

Published: 2006-11-26Modified: 2026-04-23
CVSS 2.0MEDIUM 5.1
CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P
References