Max Vozeler has reported a vulnerability in netpbm, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by pstopnm not passing the "-dSAFER" option when it calls Ghostscript to convert a PostScript file into a PBM, PGM, or PNM file. This allows a malicious PostScript file to execute arbitrary commands on a vulnerable system.
The vulnerability has been reported in version 10.0. Other versions may also be affected.
Solution: Only use pstopnm on trusted files.
Provided and/or discovered by: Max Vozeler
Original Advisory: Debian:
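A check for the missing option, as an added example that is not part of the advisory or of netpbm: it audits recorded command lines for Ghostscript invocations that would process an input without "-dSAFER". It goes slightly beyond the advisory text by also catching the switch placed after the input file and a later "-dNOSAFER"; the log lines, file names and the `GS_NAMES` set are constructed assumptions.

```python
import os
import shlex

# Interpreter names treated as Ghostscript (assumption: adjust for local installs).
GS_NAMES = {"gs", "ghostscript"}
SAFER_ON = {"-dSAFER", "-dPARANOIDSAFER"}
SAFER_OFF = {"-dNOSAFER", "-dDELAYSAFER"}
TAKES_VALUE = {"-o", "-I"}  # switches whose value may be the next argument


def unsafe_inputs(argv):
    """Return the inputs a Ghostscript argv would run without SAFER.

    Returns None when argv is not a Ghostscript invocation. A missing switch
    is treated as unsafe, which matches Ghostscript before 9.50; later
    releases enable SAFER by default.
    """
    if not argv or os.path.basename(argv[0]) not in GS_NAMES:
        return None
    safer, flagged, skip = False, [], False
    for arg in argv[1:]:
        if skip:                      # value of the preceding -o / -I
            skip = False
        elif arg in TAKES_VALUE:
            skip = True
        elif arg in SAFER_ON:
            safer = True
        elif arg in SAFER_OFF:
            safer = False
        elif arg == "-" or not arg.startswith("-"):
            # Switches only apply to what follows them, so the state at this
            # point decides how this file (or stdin, "-") is interpreted.
            if not safer:
                flagged.append(arg)
    return flagged


def audit(lines):
    """Return (line, unsafe inputs) for every line that needs attention."""
    results = ((line, unsafe_inputs(shlex.split(line))) for line in lines)
    return [(line, flagged) for line, flagged in results if flagged]


# Constructed sample of recorded command lines (not taken from a real system).
SAMPLE_EXEC_LOG = [
    "gs -q -dNOPAUSE -dBATCH -sDEVICE=pnmraw -sOutputFile=out.pnm in.ps",
    "gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pnmraw -sOutputFile=out.pnm in.ps",
    "/usr/bin/gs -dBATCH upload.ps -dSAFER",
    "gs -dSAFER -dNOSAFER -sDEVICE=pnmraw -o page.pnm -",
    "pnmtopng out.pnm",
]
```

`audit(SAMPLE_EXEC_LOG)` returns the first, third and fourth lines; the second is correctly hardened and the fifth is not a Ghostscript call.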