{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-15T17:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"}, {"name": "66660", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66660"}, {"name": "GLSA-201701-67", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-67"}, {"name": "openSUSE-SU-2014:0499", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"}, {"name": "DSA-2892", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2892"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2014-0466", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"}, {"name": "66660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66660"}, {"name": "GLSA-201701-67", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-67"}, {"name": "openSUSE-SU-2014:0499", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"}, {"name": "DSA-2892", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2892"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:20:17.946Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"}, {"name": "66660", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/66660"}, {"name": "GLSA-201701-67", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-67"}, {"name": "openSUSE-SU-2014:0499", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"}, {"name": "DSA-2892", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2892"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-0466", "datePublished": "2014-04-03T15:00:00", "dateReserved": "2013-12-19T00:00:00", "dateUpdated": "2024-08-06T09:20:17.946Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*", "matchCriteriaId": "05534AB5-7B26-417D-988F-F0663710D2EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file."}, {"lang": "es", "value": "El script fixps en a2ps 4.14 no utiliza la opci\u00f3n -dSAFER cuando ejecuta gs, lo que permite a atacantes dependientes de contexto eliminar archivos arbitrarios o ejecutar comandos arbitrarios a trav\u00e9s de un archivo PostScript."}], "id": "CVE-2014-0466", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-03T16:15:39.863", "references": [{"source": "security@debian.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"}, {"source": "security@debian.org", "url": "http://www.debian.org/security/2014/dsa-2892"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/66660"}, {"source": "security@debian.org", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"}, {"source": "security@debian.org", "url": "https://security.gentoo.org/glsa/201701-67"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2892"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66660"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-67"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "a2ps: fixps does not invoke gs with -dSAFER", "id": "1082410", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082410"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "details": ["The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file."], "name": "CVE-2014-0466", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "a2ps", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "a2ps", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "a2ps", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-03-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-0466\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0466"], "statement": "This issue did not affect the versions of a2ps as shipped with Red Hat Enterprise Linux 7.\nRed Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}