Max Vozeler has reported a vulnerability in pstotext, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by pstotext not using the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript files. This potentially allows malicious PostScript code to execute arbitrary commands on the system.
The vulnerability has been reported in version 1.9. Other versions may also be affected.
Solution: Only use pstotext on trusted files.
Provided and/or discovered by: Max Vozeler
Original Advisory: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319758
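The check below is an added example, not code from pstotext or from the advisory: it audits recorded command lines for Ghostscript invocations that reach their first PostScript input without "-dSAFER" in effect. The sample command lines are constructed, the executable names are assumed, and the checker assumes a Ghostscript build where SAFER is not on by default and, conservatively, that a "-dSAFER" placed after the first input does not protect that input.

```python
import os
import shlex

GS_NAMES = {"gs", "ghostscript"}   # assumed names of the Ghostscript executable
TAKES_VALUE = {"-o", "-I"}         # switches whose value may be the next argument


def audit_gs_command(cmdline):
    """Return 'not-gs', 'safer' or 'unsafe' for one command line."""
    argv = shlex.split(cmdline)
    if not argv or os.path.basename(argv[0]) not in GS_NAMES:
        return "not-gs"
    safer = False
    args = iter(argv[1:])
    for arg in args:
        if arg in ("-dSAFER", "-dPARANOIDSAFER"):
            safer = True
        elif arg == "-dNOSAFER":
            safer = False              # a later switch turns the mode off again
        elif arg in TAKES_VALUE:
            next(args, None)           # skip the value, it is not an input file
        elif arg in ("-", "-c", "--") or not arg.startswith("-"):
            break                      # first PostScript input: mode is now fixed
    return "safer" if safer else "unsafe"


def unsafe_commands(lines):
    """Return the command lines that run Ghostscript without SAFER in effect."""
    return [line for line in lines if audit_gs_command(line) == "unsafe"]


# Constructed sample data (for example, taken from process accounting or an
# exec audit log); none of these lines come from the advisory.
SAMPLE = [
    "gs -q -dNODISPLAY -dNOPAUSE paper.ps",
    "/usr/bin/gs -q -dSAFER -dNODISPLAY -dNOPAUSE paper.ps",
    "gs -q -dNODISPLAY paper.ps -dSAFER",
    "gs -dSAFER -dNOSAFER -q paper.ps",
    "gs -dSAFER -o out.txt -sDEVICE=txtwrite paper.ps",
    "ls -l paper.ps",
]

if __name__ == "__main__":
    for line in unsafe_commands(SAMPLE):
        print("unsafe Ghostscript invocation:", line)
```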