Red Hat Bugzilla – Bug 165354
CAN-2005-2471 netpbm should use the -dSAFER option when calling Ghostscript
Last modified: 2013-07-02 19:08:28 EDT
pstopnm in netpbm does not properly use the "-dSAFER" option when calling
Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3)
PNM file, which allows external user-complicit attackers to execute arbitrary
The Debian bug report has more information:
This issue should also affect RHEL2.1 and RHEL3
twaugh says we should probably use the -dPARANOIDSAFER to also protect against
Yes, this also affects RHEL2.1 and RHEL3.
I've done a patch that applies to netpbm-9.24 we have in 2.1 and 3.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
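
An added example, not part of the bug report or of netpbm's code: a C check that a program calling Ghostscript could run on the argument vector it is about to execute, confirming that -dSAFER or -dPARANOIDSAFER appears before the first input operand. The function name, the policy and the sample command lines are assumptions of this example; -dNOSAFER and -dDELAYSAFER are Ghostscript switches that do not appear in the report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* True if arg is one of the Ghostscript switches that turn on safer mode. */
static bool enables_safer(const char *arg) {
    return strcmp(arg, "-dSAFER") == 0 || strcmp(arg, "-dPARANOIDSAFER") == 0;
}

/* True if arg is a switch that turns safer mode off or postpones it. */
static bool disables_safer(const char *arg) {
    return strcmp(arg, "-dNOSAFER") == 0 || strcmp(arg, "-dDELAYSAFER") == 0;
}

/*
 * Audit a NULL-terminated Ghostscript argv (argv[0] is the program name).
 * Policy (an assumption of this example): safer mode must be enabled before
 * the first input operand and must never be disabled. A lone "-" (stdin) and
 * any argument not starting with '-' are treated as input operands, which is
 * deliberately conservative.
 */
bool gs_argv_is_safer(const char *const argv[]) {
    bool safer = false;
    for (size_t i = 1; argv[i] != NULL; i++) {
        const char *a = argv[i];
        if (disables_safer(a))
            return false;
        if (enables_safer(a))
            safer = true;
        else if (a[0] != '-' || a[1] == '\0') {  /* input file or stdin */
            if (!safer)
                return false;
        }
    }
    return safer;
}

/* Constructed sample command lines, not taken from netpbm's source. */
const char *const unsafe_argv[] = {
    "gs", "-q", "-dNOPAUSE", "-sDEVICE=pnmraw", "-sOutputFile=-", "-", NULL };
const char *const late_argv[] = {
    "gs", "-q", "-dNOPAUSE", "-sDEVICE=pnmraw", "-sOutputFile=-", "-",
    "-dSAFER", NULL };
const char *const safe_argv[] = {
    "gs", "-q", "-dNOPAUSE", "-dSAFER", "-sDEVICE=pnmraw", "-sOutputFile=-",
    "-", NULL };
```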