• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NetPBM PSToPNM Arbitrary Code Execution Vulnerability

The 'pstopnm' command is susceptible to an arbitrary command-execution vulnerability. This issue is due to the program's failure of to ensure that GhostScript is executed in a secure manner.

This issue allows attackers to create malicious PostScript files that allow arbitrary commands to be executed when the affected utility parses the files. This occurs in the context of the user running the affected utility.

This vulnerability was reported in version 10.0 of netpbm. Other versions may also be affected.